04-24-2013 05:04 AM - edited 03-11-2019 06:33 PM
This is on a customer 5520 so I can't post the config. Also I only have ASDM access to it as it's at a remote location and that's how it was set up. So...
Server1 is 172.16.9.112 /22 and needs to talk to Server2 which is 172.16.12.3 /22
NAT control is enabled.
Packet tracer is showing the implicit deny at the end of the following ACL as dropping. Line 37 wasn't there initially; that's what I added, but same result in packet tracer.
access-list inside_acl; 84 elements
access-list inside_acl line 1 extended permit ip host 172.16.11.220 any (hitcnt=0) 0xbfda8ac7
access-list inside_acl line 2 extended permit ip host 172.16.11.5 any (hitcnt=0) 0xe65889e3
access-list inside_acl line 3 extended permit tcp host 172.16.0.0 any eq citrix-ica (hitcnt=0) 0x20f0ea4e
access-list inside_acl line 4 extended permit udp host 172.16.0.0 any eq 1494 (hitcnt=0) 0xf226e3e8
access-list inside_acl line 5 extended permit tcp host 172.16.11.28 any eq www (hitcnt=1032) 0x26d12da9
access-list inside_acl line 6 extended permit tcp host 172.16.30.5 any eq www (hitcnt=11259) 0xc4065447
access-list inside_acl line 7 extended permit tcp host 172.16.11.241 any eq www (hitcnt=0) 0x59447315
access-list inside_acl line 8 extended permit tcp host 172.16.11.2 any eq www (hitcnt=1288935) 0x849a032f
access-list inside_acl line 9 extended permit tcp host 172.16.11.1 any eq www (hitcnt=1106) 0x839a574e
access-list inside_acl line 10 extended permit tcp host 172.16.11.221 any eq www (hitcnt=0) 0xcc144af0
access-list inside_acl line 11 extended permit tcp host 172.16.11.28 any (hitcnt=60) 0x7402eec3
access-list inside_acl line 12 extended permit tcp host 172.16.30.9 any (hitcnt=0) 0xdd7b0946
access-list inside_acl line 13 extended permit ip host 172.16.11.28 any (hitcnt=2) 0x0a982bbc
access-list inside_acl line 14 extended permit ip host 172.16.30.9 any (hitcnt=0) 0xfab9a6b0
access-list inside_acl line 15 extended permit tcp host 172.16.11.16 any eq www (hitcnt=0) 0x3bed5f92
access-list inside_acl line 16 extended permit tcp host 172.16.11.16 any eq ftp (hitcnt=0) 0xf0018dd5
access-list inside_acl line 17 extended permit tcp host 172.16.30.230 any eq www (hitcnt=0) 0x954a8b12
access-list inside_acl line 18 extended permit tcp host 172.16.30.78 any eq www (hitcnt=539912) 0xa12b8386
access-list inside_acl line 19 extended permit ip host 172.16.12.30 any (hitcnt=1132) 0x6ed40f4e
access-list inside_acl line 20 extended permit icmp any any (hitcnt=9287635) 0x35273a55
access-list inside_acl line 21 extended permit ip host 172.16.11.0 64.90.226.0 255.255.255.0 (hitcnt=0) 0x675672d1
access-list inside_acl line 22 extended permit tcp host 172.16.11.0 64.90.226.0 255.255.255.0 (hitcnt=0) 0x3f499c6d
access-list inside_acl line 23 extended permit udp host 172.16.11.0 64.90.226.0 255.255.255.0 (hitcnt=0) 0xeac29479
access-list inside_acl line 24 extended permit tcp host 172.16.11.0 64.90.227.0 255.255.255.0 (hitcnt=0) 0x02d65bde
access-list inside_acl line 25 extended permit udp host 172.16.11.0 64.90.227.0 255.255.255.0 (hitcnt=0) 0xd7ccf6af
access-list inside_acl line 26 extended permit tcp host 172.16.11.0 24.90.235.0 255.255.255.0 (hitcnt=0) 0x7819c33d
access-list inside_acl line 27 extended permit udp host 172.16.11.0 24.90.235.0 255.255.255.0 (hitcnt=0) 0x13d841e6
access-list inside_acl line 28 extended permit tcp host 172.16.11.43 any eq www (hitcnt=424534) 0x7f47ddec
access-list inside_acl line 29 extended permit udp host 172.16.11.43 any eq www (hitcnt=0) 0x195e9f62
access-list inside_acl line 30 extended permit ip host 172.16.11.43 any (hitcnt=852263) 0x0cc9ced9
access-list inside_acl line 31 extended permit tcp host 172.16.11.229 any eq www (hitcnt=25584343) 0x92a78b92
access-list inside_acl line 32 extended permit ip host 172.20.11.11 any (hitcnt=0) 0x2d818222
access-list inside_acl line 33 extended permit ip any any (hitcnt=1816078595) 0x2ee35316
access-list inside_acl line 34 extended permit tcp any any (hitcnt=0) 0xab114b84
access-list inside_acl line 35 extended permit ip host 172.16.11.239 any (hitcnt=0) 0x283d9008
access-list inside_acl line 36 extended permit ip object-group VPN 172.20.8.0 255.255.255.0 log debugging interval 300 0x377c0d70
access-list inside_acl line 36 extended permit ip 172.16.20.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xb0f69b3c
access-list inside_acl line 36 extended permit ip 172.16.25.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xee89c3ce
access-list inside_acl line 36 extended permit ip 172.16.30.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xc9279d34
access-list inside_acl line 36 extended permit ip 172.16.35.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x8ff3ba27
access-list inside_acl line 36 extended permit ip 172.16.40.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x9054b2cc
access-list inside_acl line 36 extended permit ip 172.16.50.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x566922f0
access-list inside_acl line 36 extended permit ip 172.16.60.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x730a2aa4
access-list inside_acl line 36 extended permit ip 172.16.65.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xe4a48265
access-list inside_acl line 36 extended permit ip 172.16.70.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xfcf2fa02
access-list inside_acl line 36 extended permit ip 172.16.75.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x0be569b4
access-list inside_acl line 36 extended permit ip 172.16.85.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xb288c563
access-list inside_acl line 36 extended permit ip 172.16.95.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x8c26932a
access-list inside_acl line 36 extended permit ip 172.20.11.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x403ec994
access-list inside_acl line 36 extended permit ip 172.20.25.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xc093a553
access-list inside_acl line 36 extended permit ip 172.20.30.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xd12b35c8
access-list inside_acl line 36 extended permit ip 172.20.40.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x556c15a2
access-list inside_acl line 36 extended permit ip 172.20.50.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x8282d11e
access-list inside_acl line 36 extended permit ip 172.20.60.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xbe179bea
access-list inside_acl line 36 extended permit ip 172.20.85.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xf921a60c
access-list inside_acl line 36 extended permit ip 172.20.95.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x384d05e2
access-list inside_acl line 36 extended permit ip 192.168.30.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x547413b9
access-list inside_acl line 36 extended permit ip 192.168.50.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x423dfafb
access-list inside_acl line 36 extended permit ip 10.10.10.0 255.255.255.224 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xc411a500
access-list inside_acl line 36 extended permit ip 172.16.61.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x9ba95ded
access-list inside_acl line 36 extended permit ip 192.168.20.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x006d800b
access-list inside_acl line 36 extended permit ip 172.20.90.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x2cf56d17
access-list inside_acl line 36 extended permit ip 172.16.90.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xe72150f1
access-list inside_acl line 36 extended permit ip 172.16.86.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x0fa58760
access-list inside_acl line 36 extended permit ip 172.16.87.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xe8cbf2b2
access-list inside_acl line 36 extended permit ip 172.16.100.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x573669bc
access-list inside_acl line 36 extended permit ip 172.21.11.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x314a8ebd
access-list inside_acl line 36 extended permit ip 172.16.37.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xe715a700
access-list inside_acl line 36 extended permit ip 172.16.4.0 255.255.252.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x0095535a
access-list inside_acl line 36 extended permit ip 172.16.36.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x9c8aca24
access-list inside_acl line 36 extended permit ip 172.16.12.0 255.255.252.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xab3a59d4
access-list inside_acl line 36 extended permit ip 128.17.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x7c84da24
access-list inside_acl line 36 extended permit ip 128.18.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x59c77c1d
access-list inside_acl line 36 extended permit ip 128.19.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x89c0a16d
access-list inside_acl line 36 extended permit ip 128.20.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x50ee57cb
access-list inside_acl line 36 extended permit ip 128.21.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xd256f545
access-list inside_acl line 36 extended permit ip 128.22.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x4c348b4c
access-list inside_acl line 36 extended permit ip 128.23.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x5fb7f057
access-list inside_acl line 36 extended permit ip 128.24.0.0 255.255.0.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x6d808e91
access-list inside_acl line 36 extended permit ip 172.16.8.0 255.255.252.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xe838eb75
access-list inside_acl line 36 extended permit ip 172.16.91.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xa0c922fd
access-list inside_acl line 36 extended permit ip 172.16.80.0 255.255.252.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x2f50bb63
access-list inside_acl line 36 extended permit ip 172.16.88.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x85a549b4
access-list inside_acl line 36 extended permit ip 172.20.8.0 255.255.255.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x0d481fdf
access-list inside_acl line 37 extended permit ip host A-172.16.12.3 host A-172.16.9.112 (hitcnt=0) 0x3944cd4a
I also added a nat exempt rule.
If anyone has any ideas, by all means, but I do have a question: although packet tracer shows it dropping because of an ACL, is it still possible for it to be a routing issue (a missing static route)?
Thank you.
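The ROUTE-LOOKUP and ACCESS-LIST phases that packet-tracer reports above can be replayed offline. The following is an added example, not code from the original post: it parses a constructed subset of the "show access-list inside_acl" lines shown above (object-group and object-name references such as "host A-172.16.12.3" are skipped, not resolved), applies the ASA's first-match semantics, and does the route lookup from the two routes the thread reveals (172.16.8.0/22 directly on "inside", 172.16.12.0/22 via 172.16.11.251). The hairpin rule mirrors the diagnosis given later in the thread: when a flow would leave on the interface it arrived on and "same-security-traffic permit intra-interface" is absent, packet-tracer reports an implicit-rule drop in the ACCESS-LIST phase regardless of the ACEs, which is why adding line 37 changed nothing (line 33, "permit ip any any", would have matched anyway).

```python
"""Replay packet-tracer's ROUTE-LOOKUP and ACCESS-LIST phases offline.

Added example, not code from the original post.  ACL_TEXT is a constructed
subset of the 'show access-list inside_acl' output in the thread and ROUTES
holds the two routes the thread reveals.  Object-group / object-name
references (e.g. 'host A-172.16.12.3') are skipped rather than resolved.
"""
import ipaddress
import re

ACL_TEXT = """\
access-list inside_acl line 1 extended permit ip host 172.16.11.220 any (hitcnt=0) 0xbfda8ac7
access-list inside_acl line 3 extended permit tcp host 172.16.0.0 any eq citrix-ica (hitcnt=0) 0x20f0ea4e
access-list inside_acl line 8 extended permit tcp host 172.16.11.2 any eq www (hitcnt=1288935) 0x849a032f
access-list inside_acl line 20 extended permit icmp any any (hitcnt=9287635) 0x35273a55
access-list inside_acl line 33 extended permit ip any any (hitcnt=1816078595) 0x2ee35316
access-list inside_acl line 36 extended permit ip object-group VPN 172.20.8.0 255.255.255.0 log debugging interval 300 0x377c0d70
access-list inside_acl line 36 extended permit ip 172.16.12.0 255.255.252.0 172.20.8.0 255.255.255.0 log debugging interval 300 (hitcnt=0) 0xab3a59d4
access-list inside_acl line 37 extended permit ip host A-172.16.12.3 host A-172.16.9.112 (hitcnt=0) 0x3944cd4a
"""

# Routes visible in the thread: 'inside' is directly connected to 172.16.8.0/22,
# and 172.16.12.0/22 is reached through 172.16.11.251 on that same interface.
ROUTES = [
    (ipaddress.ip_network("172.16.8.0/22"), "inside", None),
    (ipaddress.ip_network("172.16.12.0/22"), "inside", "172.16.11.251"),
]

PORT_NAMES = {"www": 80, "ftp": 21, "citrix-ica": 1494}   # ASA port keywords used in this ACL

ACE_RE = re.compile(
    r"^access-list (\S+) line (\d+) extended (permit|deny) (\S+) (.*?)"
    r"(?: \(hitcnt=\d+\))? 0x[0-9a-f]+$"
)


def parse_addr(tokens, i):
    """Consume one ASA address spec at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2   # ValueError on object names
    if tokens[i] in ("object-group", "object"):
        raise ValueError("object references are not expanded here")
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(text):
    """Turn 'show access-list' lines into ACE dicts, keeping the ASA's order."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue
        _name, num, action, proto, rest = m.groups()
        tokens = rest.split()
        try:
            src, i = parse_addr(tokens, 0)
            dst, i = parse_addr(tokens, i)
        except ValueError:
            continue                       # unresolvable object reference: skip the ACE
        dport = None
        if i < len(tokens) and tokens[i] == "eq":
            dport = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
        aces.append({"line": int(num), "action": action, "proto": proto,
                     "src": src, "dst": dst, "dport": dport})
    return aces


ACES = parse_acl(ACL_TEXT)


def first_match(aces, proto, src, dst, dport=None):
    """First ACE matching the flow (first-match semantics), or None for the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace
    return None


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns (prefix, interface, next hop) or None."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in ROUTES if d in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen) if candidates else None


def trace(ingress, proto, src, dst, dport=None, intra_interface_permitted=False):
    """Model the ROUTE-LOOKUP and ACCESS-LIST phases and return the verdict."""
    route = route_lookup(dst)
    if route is None:
        return {"verdict": "DROP", "phase": "ROUTE-LOOKUP", "reason": "no route"}
    egress = route[1]
    # As in the thread's packet-tracer output: a flow that would leave on the interface
    # it arrived on is dropped on the implicit rule unless intra-interface traffic is permitted.
    if egress == ingress and not intra_interface_permitted:
        return {"verdict": "DROP", "phase": "ACCESS-LIST", "egress": egress,
                "reason": "hairpin on %s; needs 'same-security-traffic permit intra-interface'" % egress}
    ace = first_match(ACES, proto, src, dst, dport)
    if ace is None or ace["action"] == "deny":
        reason = "implicit deny" if ace is None else "line %d" % ace["line"]
        return {"verdict": "DROP", "phase": "ACCESS-LIST", "egress": egress, "reason": reason}
    return {"verdict": "ALLOW", "phase": "ACCESS-LIST", "egress": egress, "reason": "line %d" % ace["line"]}


if __name__ == "__main__":
    # Same 5-tuple as the packet-tracer run posted later in the thread.
    print(trace("inside", "tcp", "172.16.12.3", "172.16.9.112", 80))
    print(trace("inside", "tcp", "172.16.12.3", "172.16.9.112", 80, intra_interface_permitted=True))
```

Run as-is it prints a DROP for the hairpinned flow and an ALLOW on line 33 once intra-interface traffic is permitted; the parser also shows that line 3's "host 172.16.0.0" matches only that single address, not the 172.16.0.0 range, which is worth noticing when auditing an ACL like this one.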
04-24-2013 05:22 AM
Hi,
Naturally I would hope for more information. I do understand that you can't share a full configuration, but it just makes this harder to solve. It's like being asked to solve a network problem but not being allowed access to any of the devices.
Could you possibly share the output of the "packet-tracer"?
And output of "show route"
You can actually run the CLI format commands on the ASDM from Tools -> Command Line Interface
Though to me it seems the above ACL is already copied from CLI format configuration and not ASDM.
Can you check if the source and destination interfaces have equal "security-level"? If they do, add "same-security-traffic permit inter-interface".
One thing that also confuses me is that according to the IP address and network masks that you give you have the following 2 networks
172.16.8.0/22
172.16.12.0/22
The ACL statement above says the source as 172.16.12.3 which belongs to network 172.16.12.0/22
At the same time the same ACL has rules which define source address for example as 172.16.11.2 which belongs to the network 172.16.8.0/22
So either the new rule is on the wrong ACL or the 2 networks are behind the same interface of the ASA? Or did I misunderstand something.
- Jouni
04-24-2013 06:01 AM
Jeez, you're fast! And yes, I know I'm handicapping this by not putting the config in... the ACL output was from the command line interface in ASDM. Problem is crypto RSA needs to be zeroized and regenerated, but I can't do that from ASDM.
Ok, backwards order: they are both behind the inside interface. It's two physical locations. I'm still trying to figure out the routing.
But yes, the 172.16.8.0/22 network contains the 172.16.9.112 server and the 172.16.12.0/22 network contains the 172.16.12.3 server. Thinking about it now, I don't have the gateway info with me, just the IPs.
Same-security-traffic inter AND intra interface is not enabled. Not something I was going to do just on the fly, especially since it appears other INTRA interface traffic is working...
Result of the command: "packet-tracer input inside tcp 172.16.12.3 1065 172.16.9.112 80 det"
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.8.0 255.255.252.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc87ec9d0, priority=111, domain=permit, deny=true
hits=68821129, user_data=0x0, cs_id=0x0, flags=0x4000, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Thinking more about it... I edited tunnel group and public IPs out, see attached.
Thank you sir!
04-24-2013 06:17 AM
Hi,
The "packet-tracer" command will most probably fail because the traffic is entering the same interface that it's supposed to leave.
same-security-traffic permit intra-interface
Will probably change the output of the "packet-tracer" command.
But it seems to me that it's not your only problem in this situation.
What I find potentially problematic in this situation is that the "inside" is directly connected to the network 172.16.8.0/22
The other network 172.16.12.0/22 is routed towards some other routers behind the "inside" interface.
We will run into problems if hosts on the 172.16.8.0/22 are using the ASA "inside" interface as a default gateway.
What will basically happen is asymmetric routing
If the above is indeed the network layout, your only option to my knowledge is to configure TCP State Bypass for some of these connections, which effectively removes an essential part of ASA operation: looking at the state of the TCP connections. In other words it won't care that it hasn't seen the TCP SYN,ACK and lets the TCP ACK go through, and lets the servers communicate with each other.
I can't say that this is the situation 100%. You will have to confirm what the hosts on the network 172.16.8.0/22 are using as their gateway first.
If you want to read up on the TCP State Bypass, check some of these links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml
http://nat0.net/asa-state-bypass/
http://ngthomas.co.uk/Blog/tcp-state-bypass-on-a-cisco-asa/
- Jouni
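To make the asymmetric-routing failure mode described in the reply above concrete, here is an added example (not ASA code and not from the original thread) that models the layout as described: Server1's LAN 172.16.8.0/22 is directly on the ASA "inside" interface, and Server2's LAN 172.16.12.0/22 sits behind the router 172.16.11.251 on that same segment. The host addresses are the thread's; the router label, the three-segment handshake and the connection-tracking rules are a constructed, minimal model of what the ASA does by default versus with TCP state bypass.

```python
"""Why asymmetric routing breaks a stateful firewall, and what TCP state bypass changes.

Added example modelled on the layout described in the thread; not ASA code.
The hosts are the thread's, the router label and segment sequence are constructed.
"""
from dataclasses import dataclass
import ipaddress

ASA, ROUTER = "asa", "router-172.16.11.251"
NET_A = ipaddress.ip_network("172.16.8.0/22")    # Server1's LAN, directly on ASA 'inside'
NET_B = ipaddress.ip_network("172.16.12.0/22")   # Server2's LAN, reached through ROUTER


@dataclass(frozen=True)
class Seg:
    src: str
    dst: str
    flags: str   # "S" = SYN, "SA" = SYN-ACK, "A" = ACK / data


def path(seg, server1_gateway):
    """Devices a segment traverses between the two LANs in this layout."""
    s, d = ipaddress.ip_address(seg.src), ipaddress.ip_address(seg.dst)
    if s in NET_A and d in NET_B:
        # Server1 hands the packet to its configured gateway; the ASA can only
        # reach NET_B by hairpinning it to ROUTER on the same interface.
        return [ASA, ROUTER] if server1_gateway == ASA else [ROUTER]
    if s in NET_B and d in NET_A:
        # ROUTER is directly attached to NET_A, so the reply never touches the ASA.
        return [ROUTER]
    raise ValueError("segment outside the modelled LANs")


class StatefulFirewall:
    """Minimal model of the ASA's TCP handshake tracking on one interface."""

    def __init__(self, tcp_state_bypass=False):
        self.bypass = tcp_state_bypass
        self.conns = {}       # connection key -> handshake state
        self.drops = []       # (segment, reason) for every drop

    @staticmethod
    def key(seg):
        return frozenset((seg.src, seg.dst))

    def inspect(self, seg):
        """Return True if the segment is forwarded, False if dropped."""
        if self.bypass:
            return True       # TCP state bypass: ACL only, no handshake tracking
        k = self.key(seg)
        state = self.conns.get(k)
        if state is None:
            if seg.flags == "S":
                self.conns[k] = "SYN_SEEN"
                return True
            self.drops.append((seg, "no connection and not a SYN"))
            return False
        if state == "SYN_SEEN":
            if seg.flags == "SA":
                self.conns[k] = "SYNACK_SEEN"
                return True
            if seg.flags == "S":
                return True   # SYN retransmit
            self.drops.append((seg, "3-way handshake not completed"))
            return False
        if state == "SYNACK_SEEN" and seg.flags == "A":
            self.conns[k] = "ESTABLISHED"
        return True


def run_handshake(server1_gateway, tcp_state_bypass=False):
    """Drive SYN / SYN-ACK / ACK between the servers; return (completed, drop reasons)."""
    fw = StatefulFirewall(tcp_state_bypass)
    server1, server2 = "172.16.9.112", "172.16.12.3"
    segments = [Seg(server1, server2, "S"), Seg(server2, server1, "SA"), Seg(server1, server2, "A")]
    for seg in segments:
        # Only segments whose path crosses the ASA are subject to its inspection.
        if ASA in path(seg, server1_gateway) and not fw.inspect(seg):
            return False, [reason for _, reason in fw.drops]
    return True, [reason for _, reason in fw.drops]


if __name__ == "__main__":
    print("Server1 gw = ASA          :", run_handshake(ASA))
    print("Server1 gw = ASA, bypass  :", run_handshake(ASA, tcp_state_bypass=True))
    print("Server1 gw = ROUTER       :", run_handshake(ROUTER))
```

With Server1 pointed at the ASA, the SYN is hairpinned and tracked, the SYN-ACK returns through the router without touching the ASA, and the ACK is then dropped because in the ASA's view the handshake never completed; with TCP state bypass the ACK is forwarded. With Server1 pointed at the router the ASA is not on the path at all, which is the situation the thread ends up in.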
04-24-2013 07:28 AM
I knew it couldn't be easy! Thank you. I'll need some time to digest this.
I will tell you that the devices on the 172.16.8.0 network use different gateways. The server 172.16.9.112 uses 172.16.11.254 and another device at 172.16.11.228 uses 172.16.11.251, neither of which is the firewall.
I don't however know if anything is actually using the inside interface as their gateway. It's possible so I'll have to do some legwork.
04-24-2013 07:36 AM
Hi,
If the server 172.16.9.112 is using some other device other than the ASA as its default gateway it would seem to me that the ASA would be totally out of the picture.
As this would mean that both of the server LAN networks would be using some gateway behind the ASA "inside" interface. So it could be possible that the ASA has nothing to do with the traffic between these servers.
Seems the server 172.16.9.112 is using gateway 172.16.11.254
At the same time the ASA configuration states that the network 172.16.12.0/22 is found behind the gateway 172.16.11.251.
- Jouni
04-24-2013 07:58 AM
Changed the gateway on 172.16.9.112 to 251 and guess what? Not only did the traffic start working correctly, but the local guy now mentions to me that the server can now get to the internet. In other words it was the wrong gateway to begin with and the server wasn't even online, except on the local segment. Another case of not having all the pieces to the puzzle.
Aye yi yi yi yi. Thank you.
04-24-2013 08:04 AM
Glad to hear it's working now.
- Jouni