05-30-2017 07:57 AM - edited 03-08-2019 10:46 AM
Hi All,
On an ASA 8.2.5 firewall we are getting logs for "denied due to NAT reverse path failure".
Our configuration:
global (outside) 1 198.2.2.254
global (DMZ1) 1 172.26.10.254
global (DMZ2) 1 198.3.3.250
nat (inside) 0 access-list nonat_1
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ1) 1 0.0.0.0 0.0.0.0
nat (DMZ2) 1 0.0.0.0 0.0.0.0
access-group DMZ1_inbound in interface DMZ1
access-list DMZ1_inbound line 9 extended permit ip 172.26.0.0 255.255.0.0 any log informational interval 300 (hitcnt=65881)
Logs:
May 30 2017 10:13:50 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src DMZ1:172.26.22.27/63574 dst inside:10.22.66.236/2144 denied due to NAT reverse path failure
Kindly do the needful.
Thanks & Regards,
Ramesh Babu.A.
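For triaging these messages in bulk, as an added example that is not from the thread or from Cisco: a small Python helper that parses %ASA-5-305013 lines (the regex assumes the 8.2 message format shown above) and groups the denied flows by interface pair and host pair, which is the list you need when deciding which flows the NAT exemption (nat 0) access-list must cover. The sample log lines are constructed; the first one is the message from the post.

```python
import re
from collections import defaultdict

# Matches the ASA 8.2-style %ASA-5-305013 text, e.g.
# "... Connection for tcp src DMZ1:172.26.22.27/63574 dst inside:10.22.66.236/2144
#  denied due to NAT reverse path failure"  (assumed format, taken from the thread)
RPF_RE = re.compile(
    r"%ASA-5-305013: .*?Connection for (?P<proto>\w+) "
    r"src (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"denied due to NAT reverse path failure"
)


def parse_rpf_denial(line):
    """Return the fields of a 305013 reverse-path denial, or None for other lines."""
    m = RPF_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def summarize_rpf_denials(lines):
    """Group denials as {(src_if, dst_if): {(src_ip, dst_ip): hit count}}.

    Ports are dropped on purpose: exemption ACEs are written per host pair,
    and ephemeral source ports would only fragment the count.
    """
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_rpf_denial(line)
        if rec is None:
            continue  # not a 305013 message (e.g. 302013 connection built)
        summary[(rec["src_if"], rec["dst_if"])][(rec["src_ip"], rec["dst_ip"])] += 1
    return {pair: dict(hosts) for pair, hosts in summary.items()}


# Constructed sample input: line 1 is the thread's message, lines 2-3 are made up.
SAMPLE_LOGS = [
    "May 30 2017 10:13:50 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src DMZ1:172.26.22.27/63574 dst inside:10.22.66.236/2144 denied due to NAT reverse path failure",
    "May 30 2017 10:13:52 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src DMZ1:172.26.22.27/63580 dst inside:10.22.66.236/2144 denied due to NAT reverse path failure",
    "May 30 2017 10:14:01 : %ASA-6-302013: Built inbound TCP connection 12345 for DMZ1:172.26.22.30/4000 (172.26.22.30/4000) to inside:10.22.66.240/443 (10.22.66.240/443)",
]

if __name__ == "__main__":
    for (src_if, dst_if), hosts in summarize_rpf_denials(SAMPLE_LOGS).items():
        for (src_ip, dst_ip), n in sorted(hosts.items()):
            print(f"{src_if}->{dst_if}: {src_ip} -> {dst_ip}  ({n} denials)")
```

Feed it the output of the syslog server or `show logging` to see which host pairs are being dropped before touching the nonat access-list.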
05-30-2017 01:28 PM
Hi,
Please mark the post as answered, so others can benefit from it.
Thanks,
05-30-2017 08:31 AM
Hi,
Have a look at this post.
https://supportforums.cisco.com/discussion/10807946/denied-due-nat-reverse-path-failure
HTH
05-30-2017 12:22 PM
Hi,
We have applied
access-list nonat_1 extended permit ip host 10.22.66.236 host 172.26.201.27
now it's normal.
Thanks for your help.
06-03-2017 07:19 AM
Hi Reza,
Thanks for your help.
Thanks & Regards,
Ramesh Babu.A.
11-07-2019 02:56 AM
Thanks for support. Helpful for me as well.