11-14-2014 06:46 AM - edited 03-11-2019 10:04 PM
Please check my pack trace outpu, when you get a Phase 3 issue, how can I keep doing the troubleshooting.?
thansk.
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Solved! Go to Solution.
11-14-2014 07:02 AM
You need to allow the traffic in the ACL thats assigned to the interface where the traffic is entering the ASA. The "Implicit Rule" is always used when no other rule matches.
11-14-2014 07:02 AM
You need to allow the traffic in the ACL thats assigned to the interface where the traffic is entering the ASA. The "Implicit Rule" is always used when no other rule matches.
11-17-2014 01:21 PM
Karsten
Look this output, where should I create the acls? Thanks.
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 142.100.64.0 255.255.255.0 inside
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.18.3.23 255.255.255.255 outside
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
11-17-2014 01:43 PM
Always the interface where the initial traffic enters the ASA. Seems to be the outside interface in your case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide