Port forwarding ASA 5506

Julien Paleni (Level 1)

Hi,

I'm configuring an ASA 5506 and I have a problem with port forwarding.

My configuration is:

  • 2 internet accesses > Peplink Balance 20 (load balancer) > ASA 5506 > LAN networks
  • In the Peplink, I have set up a DMZ for the ASA (working, because I can use ASDM remotely)
  • ASA outside: 192.168.2.2/29
  • ASA inside: 192.168.0.0/24

I want to redirect port 80 to the host 192.168.0.3, so I have used these commands:

access-list outside extended permit tcp any host 192.168.0.3 eq www 

access-group outside in interface outside

When I try to connect from outside, I get this error in the ASA log:

3 Aug 05 2017 08:55:22 my remote ip  56141 192.168.12.2 80 TCP access denied by ACL from my remote ip/56141 to outside:192.168.12.2/80

Can you help me to solve it?

Regards


Aditya Ganjoo (Cisco Employee)

Hi,

Please share the packet tracer output

packet-tracer input outside tcp 4.2.2.2 7676 <mapped ip> 80 det

What is the IP 192.168.12.2/80?

Regards,

Aditya

Please rate helpful and mark correct answers

Hi Aditya, 

This is the result of: packet-tracer input outside tcp 4.2.2.2 7676 my_remote_ip 80 det

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f2cb8d17950, priority=1, domain=permit, deny=false
hits=19263822, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=outside, output_ifc=any

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.12.1 using egress ifc outside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f2cba69d620, priority=11, domain=permit, deny=true
hits=0, user_data=0x6, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

192.168.12.2 is the IP of the ASA outside interface.

I have attached to this post a schematic of the network.

Regards

Hi,

I checked this:

input-interface: outside
input-status: up
input-line-status: up
output-interface: outside

Why is it taking this path?

Can you share the NAT statement for this traffic?

Regards,

Aditya

Please rate helpful and mark correct answers
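The route-lookup symptom Aditya points at above (output-interface equal to input-interface), worked as an added example that is not code from the thread or from Cisco: a small Python parser for packet-tracer output that reports which phase dropped the flow and flags the no-NAT hairpin, i.e. egress interface equal to ingress interface with no NAT/UN-NAT phase in the trace. The dropped trace embedded below is the one quoted in the thread with the rule-dump lines trimmed; the second, translated trace is constructed and hypothetical, showing only the shape one expects once a static NAT matches the destination.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the packet-tracer output posted in the thread, with the
# rule-dump lines trimmed to the ones the parser looks at.
DROPPED_TRACE = """\
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
input_ifc=outside, output_ifc=any

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.12.1 using egress ifc outside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
in id=0x7f2cba69d620, priority=11, domain=permit, deny=true

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

# Constructed, hypothetical, abbreviated trace of the shape expected once a
# static NAT matches the destination: an UN-NAT phase runs first and egress
# becomes the inside-facing interface. Not captured from the poster's device.
TRANSLATED_TRACE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside_1,outside) static interface service tcp http http
Additional Information:
NAT divert to egress interface inside_1

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
Additional Information:

Result:
input-interface: outside
output-interface: inside_1
Action: allow
"""


@dataclass
class Phase:
    number: int
    type: str
    subtype: str
    result: str
    config: str  # line following "Config:", or "" when there is none


@dataclass
class Trace:
    phases: List[Phase] = field(default_factory=list)
    input_ifc: Optional[str] = None
    output_ifc: Optional[str] = None
    action: Optional[str] = None
    drop_reason: Optional[str] = None


def _fields(lines):
    """Map 'Key: value' lines to a dict; first occurrence of a key wins."""
    out = {}
    for line in lines:
        key, sep, value = line.partition(":")
        if sep:
            out.setdefault(key.strip(), value.strip())
    return out


def parse_trace(text: str) -> Trace:
    """Split the trace into blank-line-separated blocks: phases, then Result."""
    trace = Trace()
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        kv = _fields(lines)
        if "Phase" in kv:
            config = ""
            if "Config:" in lines:
                i = lines.index("Config:")
                if i + 1 < len(lines) and ":" not in lines[i + 1]:
                    config = lines[i + 1]
            trace.phases.append(Phase(int(kv["Phase"]), kv.get("Type", ""),
                                      kv.get("Subtype", ""), kv.get("Result", ""), config))
        elif "input-interface" in kv:
            trace.input_ifc = kv["input-interface"]
            trace.output_ifc = kv.get("output-interface")
            trace.action = kv.get("Action")
            trace.drop_reason = kv.get("Drop-reason")
    return trace


def drop_phase(trace: Trace) -> Optional[Phase]:
    return next((p for p in trace.phases if p.result == "DROP"), None)


def hairpin_without_nat(trace: Trace) -> bool:
    """True when the flow would leave by the interface it arrived on and no
    NAT/UN-NAT phase ran: no translation matched the mapped address, so the
    ASA routed the packet towards its own outside address."""
    translated = any("NAT" in p.type.upper() for p in trace.phases)
    return bool(trace.input_ifc) and trace.input_ifc == trace.output_ifc and not translated


def diagnose(trace: Trace) -> List[str]:
    findings = []
    drop = drop_phase(trace)
    if drop is not None:
        findings.append(f"phase {drop.number} {drop.type} dropped the flow "
                        f"(config: {drop.config or 'n/a'}; {trace.drop_reason})")
    if hairpin_without_nat(trace):
        findings.append(f"egress {trace.output_ifc} == ingress {trace.input_ifc} with no "
                        "UN-NAT phase: add a static NAT for the real host, then re-run packet-tracer")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_trace(DROPPED_TRACE)):
        print(finding)
```

Paste the output of `packet-tracer ... det` into `DROPPED_TRACE` (or read it from a file) and run the script; the hairpin check fires only when no NAT phase appears at all, so a trace with a NAT phase that still drops points at the ACL rather than at a missing translation.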

This is the NAT statement which drops the packet.

obj_any1 is 0.0.0.0/0.0.0.0

object network obj_any1
nat (any,outside) dynamic interface

show nat results:

Auto NAT Policies (Section 2)
1 (any) to (outside) source dynamic obj_any1 interface
translate_hits = 30140, untranslate_hits = 692
2 (inside_3) to (outside) source dynamic obj_any3 interface
translate_hits = 0, untranslate_hits = 0
3 (inside_4) to (outside) source dynamic obj_any4 interface
translate_hits = 0, untranslate_hits = 0
4 (inside_5) to (outside) source dynamic obj_any5 interface
translate_hits = 0, untranslate_hits = 0
5 (inside_6) to (outside) source dynamic obj_any6 interface
translate_hits = 0, untranslate_hits = 0
6 (inside_7) to (outside) source dynamic obj_any7 interface
translate_hits = 5958, untranslate_hits = 1

Hi,

Can you add this NAT and test :

object network obj_192.168.0.3

host 192.168.0.3

nat (inside,outside) static interface service tcp http http

Regards,

Aditya

Please rate helpful and mark correct answers

I got an error with:

nat (inside,outside) static interface service tcp http http
                ^
ERROR: % Invalid input detected at '^' marker.

Attached is a view of the interfaces.

Thanks to you, Aditya, I solved the problem.

I had to use:

object network obj_192.168.0.3

host 192.168.0.3

nat (inside_1,outside) static interface service tcp http http

Regards

Happy to help :)

Regards,

Aditya

Please rate helpful and mark correct answers
