1036 Views, 0 Helpful, 5 Replies

ping from dmz to outside

Network Pro (Level 1)

Hi,

I can't seem to ping from dmz to outside - I get the following output

nat (dmz,outside) source dynamic any interface
timeout pat-xlate 0:00:30

12asa01# packet-tracer input dmz icmp 192.168.0.10 1 1 4.2.2.2 detailed

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         via 82.184.34.201, outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group dmz_access_in in interface dmz
access-list dmz_access_in extended permit object-group DM_INLINE_SERVICE_1 192.168.0.0 255.255.255.0 any
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp destination eq domain
 service-object tcp-udp destination eq www
 service-object tcp destination eq domain
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
 service-object tcp destination eq https
 service-object icmp echo
 service-object icmp echo-reply
 service-object icmp
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fff2dbca860, priority=13, domain=permit, deny=false
        hits=7, user_data=0x7fff24cae200, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
        src ip/id=192.168.0.0, mask=255.255.255.0, icmp-type=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=0, dscp=0x0
        input_ifc=dmz, output_ifc=any

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (dmz,outside) source dynamic any interface
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fff2d23a5e0, priority=6, domain=nat, deny=false
        hits=1, user_data=0x7fff2bb97b00, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=dmz, output_ifc=outside

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fff2afdcf40, priority=0, domain=nat-per-session, deny=true
        hits=1386920, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fff2bb21730, priority=0, domain=inspect-ip-options, deny=true
        hits=232808, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=dmz, output_ifc=any

Result:
input-interface: dmz
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (nat-xlate-failed) NAT failed

asa# sh run nat
nat (dmz,outside) source dynamic any interface

asa#sh run int gi0/2

interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.0.1 255.255.255.0

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 100.1.1.1 255.255.255.248
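
As an added example (not from this thread or from Cisco), here is a small Python parser for ASA packet-tracer output in the layout shown above. It splits the trace into its numbered phases and the final Result block, and its triage() function calls out the situation in this post explicitly: every phase reports ALLOW, yet the overall action is drop with a NAT drop reason, which is easy to misread as an ACL problem. SAMPLE_TRACE is a constructed, abbreviated copy of the transcript posted above; the function names are my own.

```python
import re

# Constructed sample (not part of the thread): an abbreviated copy of the packet-tracer
# transcript posted above, trimmed to three phases plus the final Result block.
SAMPLE_TRACE = """\
12asa01# packet-tracer input dmz icmp 192.168.0.10 1 1 4.2.2.2 detailed

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         via 82.184.34.201, outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group dmz_access_in in interface dmz

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (dmz,outside) source dynamic any interface
Additional Information:
 in  id=0x7fff2d23a5e0, priority=6, domain=nat, deny=false

Result:
input-interface: dmz
output-interface: outside
Action: drop
Drop-reason: (nat-xlate-failed) NAT failed
"""

_PHASE_RE = re.compile(r"^Phase:\s*(\d+)$")
_DROP_RE = re.compile(r"^Drop-reason:\s*\(([^)]*)\)\s*(.*)$")


def parse_packet_tracer(text):
    """Return (phases, verdict): one dict per phase (type, subtype, result, raw Config: and
    Additional Information: lines) and the summary block (action, drop reason, status fields)."""
    phases = []
    verdict = {"action": None, "drop_code": None, "drop_text": None, "fields": {}}
    phase = None        # phase dict currently being filled
    bucket = None       # "config" or "info": where free-form lines of the phase go
    in_verdict = False  # True once the bare "Result:" header of the summary block is seen
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = _PHASE_RE.match(line)
        if m:
            phase = {"phase": int(m.group(1)), "type": "", "subtype": "",
                     "result": "", "config": [], "info": []}
            phases.append(phase)
            bucket, in_verdict = None, False
            continue
        if line == "Result:":  # phases say "Result: ALLOW"; the summary header carries no value
            in_verdict, phase = True, None
            continue
        if in_verdict:
            m = _DROP_RE.match(line)
            if m:
                verdict["drop_code"], verdict["drop_text"] = m.group(1), m.group(2).strip()
            elif line.startswith("Action:"):
                verdict["action"] = line.split(":", 1)[1].strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                verdict["fields"][key.strip()] = value.strip()
            continue
        if phase is None:
            continue  # prompt / command echo before the first phase
        if line.startswith("Type:"):
            phase["type"] = line[len("Type:"):].strip()
        elif line.startswith("Subtype:"):
            phase["subtype"] = line[len("Subtype:"):].strip()
        elif line.startswith("Result:"):
            phase["result"] = line[len("Result:"):].strip()
        elif line == "Config:":
            bucket = "config"
        elif line == "Additional Information:":
            bucket = "info"
        elif bucket:
            phase[bucket].append(line.strip())
    return phases, verdict


def triage(text):
    """One-line reading of the trace; the case in this thread (every phase ALLOW, final action
    drop) is reported with its drop reason so it is not mistaken for an ACL problem."""
    phases, verdict = parse_packet_tracer(text)
    denied = [p for p in phases if p["result"] != "ALLOW"]
    if verdict["action"] == "allow":
        return "allowed out %s" % verdict["fields"].get("output-interface", "?")
    if denied:
        return "dropped in phase %d (%s)" % (denied[0]["phase"], denied[0]["type"])
    return "all %d phases ALLOW, yet dropped: %s (%s)" % (
        len(phases), verdict["drop_code"], verdict["drop_text"])
```

Run triage() over a pasted transcript to get a one-line verdict; for the trace above it reports that all phases allowed the flow and that the drop came from the NAT translation step, which is the detail to chase (the xlate, not the ACL) when a DMZ host cannot reach outside.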

 

 

 

5 Replies

Network Pro (Level 1)

any thoughts please

Although your attached config differs from your config in the first post, I can't see any reason why this wouldn't work.

If you ping an address on outside from a real host in the DMZ network, do you get replies then?
In other words, maybe it's just a flaw in the packet-tracer tool?

Vibhor Amrodia (Cisco Employee)

Hi,

Can you please post the complete configuration for NAT on this device?

I think this should occur when port exhaustion happens.

Thanks and Regards,

Vibhor Amrodia

attached config

any thoughts please?
