Hi all,
I have an ASA5520 running 8.4 with an INSIDE network (10.0.0.0/24) and a DMZ network (webserver --> 172.16.0.5). The webserver has a static NAT with 116.x.x.146.
When I access my webserver from the INSIDE network at IP 116.x.x.145, there is no problem at all. But when I access my webserver at its local IP 172.16.0.5, it is not accessible from the INSIDE network. The ASDM log shows "Traffic fails due to NAT Reverse Path Failure (RPF) Error: Asymmetric NAT rules matched for forward and reverse flows".

object network inside_10
 subnet 10.0.0.0 255.0.0.0
 description Inside 10 Network
object network outside-pool
 range 116.x.x.147 116.x.x.149
 description NAT Dynamic Pool
object network DMZ-server-Global
 host 116.x.x.146
object network DMZ-server-Real
 host 172.16.0.5

object network inside_10
 nat (INSIDE,any) dynamic outside-pool
object network DMZ-server-Real
 nat (DMZ,any) static DMZ-server-Global

ASA5520# packet-tracer input INSIDE icmp 10.0.0.5 8 1 1 172.16.0.5

Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
object network inside_10
 nat (INSIDE,any) dynamic outside-pool
Additional Information:
Dynamic translate 10.0.0.5/1 to 116.x.x.148/1

Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
object network DMZ-server-Real
 nat (DMZ,any) static DMZ-server-Global
Additional Information:

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ASA5520#

Regards,
Uzair Hussain
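
The rpf-check drop in the trace above, reproduced as an added example that is not part of the original post and is not Cisco's implementation: a simplified Python model of how the two posted object NAT rules are matched for the forward flow and for the reply. The function names are hypothetical, and the interface name OUTSIDE in the last case is an assumption, since the post does not name the outside interface.

```python
import ipaddress
from collections import namedtuple

# Simplified model of ASA object NAT matching (an assumption, not Cisco's code).
Rule = namedtuple("Rule", "name real_if mapped_if real mapped")

def page_rules(mapped_if="any"):
    # The two object NAT rules from the post; mapped addresses stay masked as posted.
    net = ipaddress.ip_network
    return [
        Rule("inside_10", "INSIDE", mapped_if, net("10.0.0.0/255.0.0.0"), "outside-pool"),
        Rule("DMZ-server-Real", "DMZ", mapped_if, net("172.16.0.5/32"), "116.x.x.146"),
    ]

def _applies(rule, real_if, other_if):
    return rule.real_if == real_if and rule.mapped_if in ("any", other_if)

def source_rule(rules, src, in_if, out_if):
    """Rule that would translate a real source entering in_if and leaving out_if."""
    for r in rules:
        if _applies(r, in_if, out_if) and ipaddress.ip_address(src) in r.real:
            return r
    return None

def untranslate(rules, dst, in_if, out_if):
    """Forward un-NAT: is dst the mapped address of a host behind out_if?"""
    for r in rules:
        if _applies(r, out_if, in_if) and dst == r.mapped:
            return r, str(r.real.network_address)
    return None, dst

def trace(rules, in_if, src, out_if, dst):
    fwd_un, real_dst = untranslate(rules, dst, in_if, out_if)
    fwd_src = source_rule(rules, src, in_if, out_if)
    # rpf-check: the reply from real_dst would be source-translated by this rule.
    rev = source_rule(rules, real_dst, out_if, in_if)
    if rev is not fwd_un:
        return "DROP", "rpf-check: reply would match %s" % (rev.name if rev else "no rule")
    return "ALLOW", "source NAT: %s" % (fwd_src.name if fwd_src else "none")

if __name__ == "__main__":
    for rules, dst in ((page_rules(), "172.16.0.5"), (page_rules(), "116.x.x.146"),
                       (page_rules("OUTSIDE"), "172.16.0.5")):
        print(rules[0].mapped_if, dst, trace(rules, "INSIDE", "10.0.0.5", "DMZ", dst))
```

In this model the posted `(DMZ,any)` static rule matches the reply from 172.16.0.5 even though the forward packet was never untranslated by it, which is the asymmetry the log reports; limiting both rules to the assumed OUTSIDE interface leaves INSIDE-to-DMZ traffic untranslated in both directions.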