ciscoasa# packet-tracer input dmz3 icmp 17.50.1.21 0 8 172.20.1.53 det
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,dmz3) 172.20.1.0 172.20.1.0 netmask 255.255.255.0
nat-control
match ip inside 172.20.1.0 255.255.255.0 dmz3 any
static translation to 172.20.1.0
translate_hits = 2, untranslate_hits = 1816
Additional Information:
NAT divert to egress interface inside
Untranslate 172.20.1.0/0 to 172.20.1.0/0 using netmask 255.255.255.0
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac2bd1b0, priority=0, domain=permit, deny=true
hits=1827, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0
Result:
input-interface: dmz3
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
what this error mean? i dont know