Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3427
Views
15
Helpful
1
Replies

Question on ASA packet flow

23nick
Level 1
Level 1

‎06-22-2020 11:10 AM

Hello,

While studying asa packet flow, its mentioned first it checks existing connection, if no then it check acl. But when i telnet from R3 to 12.1.1.254 (natted ip of R1 loopback 192.168.1.1) so on asa i issued packet tracer command to see the steps of asa packet verification. So there the flow was different, 1st it does UN-NAT then acl and then NAT again and i did not understand this part.

Could someone please help me clear this.

 

asapacketflow.JPG

topologytopology

 

 

 

packet-tracer2packet-tracer2

 

packet_tracer2.jpg

 

Thanks

1 Reply 1

Rob Ingram
VIP
VIP

‎06-22-2020 11:37 AM - edited ‎06-22-2020 11:49 AM

Hi,

You've got an old diagram, this diagram below represents what you are experiencing - NAT untranslate then ACL check

ASA OOO.PNG

 

Check out this Cisco Live presentation from 2020,

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKSEC-3020.pdf

 

HTH

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card