Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21442
Views
0
Helpful
5
Replies

ASA firewall denied due to NAT reverse path failure

Go to solution
Ramesh Babu
Level 1
Level 1

‎05-30-2017 07:57 AM - edited ‎03-08-2019 10:46 AM

Hi All,

On ASA 8.2.5 firewall we are getting logs for "denied due to NAT reverse path failure"

Our configuration,

global (outside) 1 198.2.2.254

global (DMZ1) 1 172.26.10.254

global (DMZ2) 1 198.3.3.250

 nat (inside) 0 access-list nonat_1

nat (inside) 1 0.0.0.0 0.0.0.0

nat (DMZ1) 1 0.0.0.0 0.0.0.0

nat (DMZ2) 1 0.0.0.0 0.0.0.0

 

access-group DMZ1_inbound in interface DMZ1

 

access-list DMZ1_inbound line 9 extended permit ip 172.26.0.0 255.255.0.0 any log informational interval 300 (hitcnt=65881) 

 

Logs:

 May 30 2017 10:13:50 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src DMZ1:172.26.22.27/63574 dst inside:10.22.66.236/2144   denied due to NAT reverse path failure

Kindly do the needful.

Thanks & Regards,

Ramesh Babu.A.

4 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Ramesh Babu

‎05-30-2017 01:28 PM

Hi,

Please mark the post as answered, so others can benefit from it.

Thanks,

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎05-30-2017 08:31 AM

Hi,

Have a look at this post.

https://supportforums.cisco.com/discussion/10807946/denied-due-nat-reverse-path-failure

HTH

0 Helpful

Go to solution
Ramesh Babu
Level 1
Level 1
In response to Reza Sharifi

‎05-30-2017 12:22 PM

Hi,

We have applied 

access-list nonat_1 extended permit ip host 10.22.66.236 host 172.26.201.27

now its normal.

Thanks for your help.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Ramesh Babu

‎05-30-2017 01:28 PM

Hi,

Please mark the post as answered, so others can benefit from it.

Thanks,

0 Helpful

Go to solution
Ramesh Babu
Level 1
Level 1
In response to Reza Sharifi

‎06-03-2017 07:19 AM

Hi Reza,

Thanks for your help.

Thanks & Regards,

Ramesh Babu.A.

0 Helpful

Go to solution
heavendadwal
Level 1
Level 1
In response to Ramesh Babu

‎11-07-2019 02:56 AM

Thanks for support. Helpful for me as well. 

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card