05-11-2018 03:22 PM - edited 02-21-2020 07:45 AM
Traffic is flowing from the DMZ, where the source IP is public, and coming to inside on port 1812.
9 19:28:17 efw-1 %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src DMZ86:192.41.x.x/54535 dst inside:10.22.183.102/1812 denied due to NAT reverse path failure
How can I fix this?
Regards
MAhesh
05-11-2018 03:38 PM
05-12-2018 09:34 AM
Here is the packet tracer:
packet-tracer input DMZ86 udp 192.41.x.x 1024 10.22.183.102 1812
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.0.0.0 255.0.0.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group DMZ86_acl in interface DMZ86
access-list DMZ86_acl extended permit udp host 192.41.x.x host 10.22.183.102 eq 1812 log
Additional Information:
Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
set connection decrement-ttl
service-policy global_policy global
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: FOVER
Subtype: standby-update
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (DMZ86,DMZ64) 192.41.148.96 192.41.148.96 netmask 255.255.255.224
nat-control
match ip DMZ86 192.41.148.96 255.255.255.224 DMZ64 any
static translation to 192.41.148.96
translate_hits = 0, untranslate_hits = 33
Additional Information:
Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 2 0.0.0.0 0.0.0.0
nat-control
match ip inside any DMZ86 any
dynamic translation to pool 2 (192.41.148.97)
translate_hits = 895580, untranslate_hits = 1309
Additional Information:
Result:
input-interface: DMZ86
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
05-12-2018 10:01 AM
05-12-2018 11:33 AM
Let me know which specific config you need.
I can put that, as it has a lot of config?
05-12-2018 11:38 AM
05-12-2018 11:40 AM