Asymmetric NAT rules matched

dmeligrana_insud · ‎12-21-2015

Hello,

There is an ASA 5505 8.2(5). I've been working with. There are two vlans (172.21.1.0/24 and 172.21.2.0/24), one port for each, both connected to a switch, which has been configured with the same two VLANs. No trunk ports. ASA denys packets due to Asymetrical translations; same inter and same intra interface routing set.

nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (VoIP_PH) 0 access-list VoIP_PH_nat0_outbound
nat (VoIP_PH) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

global (Telecom) 1 interface

Of course, inside_nat0_outbound is an access list that reads, among other lines, 172.21.1.0/24 --> 172.21.2.0/24, and VoIP_PH_nat0_outbound reads 172.21.2.0/24 --> 172.21.1.0/24.

My log screen is flooded with Asymetric translations messages and the router does not route traffic between both subnets.

Any ideas?

Thanks.

Regards.

chris noon · ‎12-22-2015

Can you post the error message you are receiving?

dmeligrana_insud · ‎01-25-2016

Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src inside:172.21.1.46/25128 dst inside:172.16.15.10/53 denied due to NAT reverse path failure

172.16.0.0/24

|

MPLS

.254

| _______________

172.21.1.0/24 __|__.1| |

| ASA |

|______________|

Marco Soeder-Schuettler · ‎01-25-2016

Hi,

have you already configured a NAT Exempt Rule between both private Networks?

Regards

ASA - routing + NAT problems. It used to work