ASA VPN Unidirectional Traffic

gareth.evans2
Level 1

Hi,

I have recently set up a site to site IPSec VPN between two Cisco ASAs. However, I have only been seeing one way traffic on both ASAs - one added complication is that one of the endpoints sits one hop away from the ASA (see attached diagram).

When I ping from 10.1.0.2 to 10.2.0.2, I am seeing traffic counters on both ASAs VPN monitors increase, but only one way, there is no return traffic.

When I ping from 10.2.0.2 to 10.1.0.2, I do not see any traffic counters increase on either ASA.

I am able to ping from 10.2.0.2 to 172.22.100.30 (and back).

I am struggling to understand how traffic is not being passed over the VPN from the ASA 5512 back to the ASA 5505 as the configurations are near identical.

Please let me know if there is any more information I can provide.

-Gareth

17 Replies

5512:

CLL-ASA5512# packet-tracer input CUST-TEST-VPN tcp 172.22.100.29 80 10.1.0.2 8$

Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (CUST-TEST-VPN,Internet) source static VPN-Test-Interface VPN-Test-Interface destination static VPN-Test-LAN VPN-Test-LAN no-proxy-arp
Additional Information:
NAT divert to egress interface Internet
Untranslate 10.1.0.2/80 to 10.1.0.2/80

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group CUST-TEST-VPN_access_in in interface CUST-TEST-VPN
access-list CUST-TEST-VPN_access_in extended permit ip 172.22.100.28 255.255.255.252 object VPN-Test-LAN log
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffab823390, priority=13, domain=permit, deny=false
        hits=26, user_data=0x7fffa6c9bd00, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0
        dst ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0
        input_ifc=CUST-TEST-VPN, output_ifc=any

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (CUST-TEST-VPN,Internet) source static VPN-Test-Interface VPN-Test-Interface destination static VPN-Test-LAN VPN-Test-LAN no-proxy-arp
Additional Information:
Static translate 172.22.100.29/80 to 172.22.100.29/80
 Forward Flow based lookup yields rule:
 in  id=0x7fffaae53170, priority=6, domain=nat, deny=false
        hits=40, user_data=0x7fffab9f3710, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0
        dst ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0
        input_ifc=CUST-TEST-VPN, output_ifc=Internet

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffa341a7f0, priority=1, domain=nat-per-session, deny=true
        hits=778451, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffac124450, priority=0, domain=inspect-ip-options, deny=true
        hits=40, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=CUST-TEST-VPN, output_ifc=any

Phase: 6
Type: INSPECT
Subtype: inspect-pptp
Result: ALLOW
Config:
class-map class-default
 match any
policy-map global_policy
 class class-default
  inspect pptp
service-policy global_policy global
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffac13b260, priority=70, domain=inspect-pptp, deny=false
        hits=41, user_data=0x7fffab818f40, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=CUST-TEST-VPN, output_ifc=any

Phase: 7
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0x7fffab845890, priority=70, domain=encrypt, deny=false
        hits=2, user_data=0x0, cs_id=0x7fffabf2bd70, reverse, flags=0x0, protocol=0
        src ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0
        dst ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=Internet

Result:
input-interface: CUST-TEST-VPN
input-status: up
input-line-status: up
output-interface: Internet
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

5505:

ciscoasa# packet-tracer input Inside tcp 10.1.0.2 80 172.22.100.29 80 detailed

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xcc0bbe48, priority=1, domain=permit, deny=false
        hits=90, user_data=0x0, cs_id=0x0, l3_type=0x8
        src mac=0000.0000.0000, mask=0000.0000.0000
        dst mac=0000.0000.0000, mask=0100.0000.0000
        input_ifc=Inside, output_ifc=any

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.22.100.28   255.255.255.252 outside

Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (Inside,outside) source static NETWORK_OBJ_10.1.0.0_24 NETWORK_OBJ_10.1.0.0_24 destination static VPN-Test-VRF VPN-Test-VRF no-proxy-arp route-lookup
Additional Information:
NAT divert to egress interface outside
Untranslate 172.22.100.29/80 to 172.22.100.29/80

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Inside_access_in in interface Inside
access-list Inside_access_in extended permit ip object NETWORK_OBJ_10.1.0.0_24 object VPN-Test-VRF log
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xcc10fca0, priority=13, domain=permit, deny=false
        hits=7, user_data=0xca0792f0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0
        dst ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0, dscp=0x0
        input_ifc=Inside, output_ifc=any

Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (Inside,outside) source static NETWORK_OBJ_10.1.0.0_24 NETWORK_OBJ_10.1.0.0_24 destination static VPN-Test-VRF VPN-Test-VRF no-proxy-arp route-lookup
Additional Information:
Static translate 10.1.0.2/80 to 10.1.0.2/80
 Forward Flow based lookup yields rule:
 in  id=0xcc10c188, priority=6, domain=nat, deny=false
        hits=74, user_data=0xcc10b838, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0
        dst ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0, dscp=0x0
        input_ifc=Inside, output_ifc=outside

Phase: 6
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xc826ac90, priority=1, domain=nat-per-session, deny=true
        hits=717, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any

Phase: 7
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xcc0c1f38, priority=0, domain=inspect-ip-options, deny=true
        hits=83, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=Inside, output_ifc=any

Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0xcca92240, priority=70, domain=encrypt, deny=false
        hits=1, user_data=0xee2c4, cs_id=0xcc8cae10, reverse, flags=0x0, protocol=0
        src ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0
        dst ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=outside

Phase: 9
Type: ACCESS-LIST
Subtype: filter-aaa
Result: DROP
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0xcb993928, priority=12, domain=filter-aaa, deny=true
        hits=70, user_data=0xca0797f0, filter_id=0x0(-implicit deny-), protocol=0
        src ip=0.0.0.0, mask=0.0.0.0, port=0
        dst ip=0.0.0.0, mask=0.0.0.0, port=0

Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Thanks,

Gareth
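
The two traces above are long, and the useful information is in two places: the first phase whose Result is DROP (and the `domain=` of the rule it matched), and the `src`/`dst` networks of the rule matched in the VPN/encrypt phase on each side, which are the crypto selectors (proxy IDs) that must be mirror images for a LAN-to-LAN tunnel. The script below, an added example that is not part of the thread or of any Cisco tool, parses packet-tracer output into phases, reports the dropping phase per side, and checks the selectors for mirror symmetry. `TRACE_5512` and `TRACE_5505` are constructed from the two traces posted above, trimmed to the phases that matter; the helper names (`parse_trace`, `diagnose`, and so on) are this example's own.

```python
"""Find the dropping phase in two ASA packet-tracer runs and check that the
crypto selectors (proxy IDs) of the two sides are mirror images.  Added example,
not Cisco code; TRACE_5512/TRACE_5505 are constructed from the thread's traces."""
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Phase:
    number: int
    ptype: str = ""
    subtype: str = ""
    result: str = ""
    domain: str = ""  # domain= of the rule this phase matched
    src: str = ""     # matched rule's source network, CIDR
    dst: str = ""     # matched rule's destination network, CIDR

_DOMAIN = re.compile(r"domain=([\w-]+), deny=(?:true|false)")
_ADDR = re.compile(r"^\s*(src|dst) ip(?:/id)?=([\d.]+), mask=([\d.]+)")
_FIELDS = {"Type": "ptype", "Subtype": "subtype", "Result": "result"}

def parse_trace(text):
    """Return (phases, final); final holds the trailing Action/Drop-reason."""
    phases, final, cur, in_final = [], {"action": "", "drop_reason": ""}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        key, _, val = line.partition(":")
        val = val.strip()
        if key == "Phase":
            cur, in_final = Phase(number=int(val)), False
            phases.append(cur)
        elif line == "Result:":  # a bare "Result:" opens the summary block
            cur, in_final = None, True
        elif in_final and key in ("Action", "Drop-reason"):
            final[key.lower().replace("-", "_")] = val
        elif cur is not None:
            if key in _FIELDS:
                setattr(cur, _FIELDS[key], val)
            elif (m := _DOMAIN.search(line)):
                cur.domain = m.group(1)
            elif (m := _ADDR.match(raw)):
                net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
                setattr(cur, m.group(1), str(net))  # "src" or "dst"
    return phases, final

def encrypt_selector(phases):
    """(src, dst) of the rule matched in the VPN/encrypt phase, else None."""
    for p in phases:
        if p.ptype == "VPN" and p.subtype == "encrypt" and p.src:
            return p.src, p.dst
    return None

def selectors_mirror(a, b):
    """LAN-to-LAN proxy IDs must be exact mirrors; a mismatch breaks one direction."""
    return a is not None and b is not None and a == (b[1], b[0])

def diagnose(trace_a, trace_b):
    """Per side: first DROP phase, its rule domain and the drop reason; plus mirror check."""
    sides = {"A": parse_trace(trace_a), "B": parse_trace(trace_b)}
    report = {}
    for name, (phases, final) in sides.items():
        d = next((p for p in phases if p.result == "DROP"), None)
        report[name] = {"drop_phase": None if d is None else f"{d.ptype}/{d.subtype}",
                        "domain": None if d is None else d.domain,
                        "reason": final["drop_reason"]}
    report["selectors_mirror"] = selectors_mirror(
        encrypt_selector(sides["A"][0]), encrypt_selector(sides["B"][0]))
    return report

# Constructed from the thread's 5512 trace: encrypt rule found, phase still drops.
TRACE_5512 = """\
Phase: 7
Type: VPN
Subtype: encrypt
Result: DROP
 out id=0x7fffab845890, priority=70, domain=encrypt, deny=false
        src ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0
        dst ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
# Constructed from the thread's 5505 trace: encrypt passes, filter-aaa drops.
TRACE_5505 = """\
Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
 out id=0xcca92240, priority=70, domain=encrypt, deny=false
        src ip/id=10.1.0.0, mask=255.255.255.0, port=0, tag=0
        dst ip/id=172.22.100.28, mask=255.255.255.252, port=0, tag=0, dscp=0x0
Phase: 9
Type: ACCESS-LIST
Subtype: filter-aaa
Result: DROP
 out id=0xcb993928, priority=12, domain=filter-aaa, deny=true
        src ip=0.0.0.0, mask=0.0.0.0, port=0
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
```

Run on the two traces, `diagnose` reports the 5512 dropping in VPN/encrypt even though the encrypt lookup matched a `deny=false` rule, and the 5505 passing the encrypt phase and dropping in the filter-aaa domain, which is where a vpn-filter attached to the tunnel's group-policy is enforced. `selectors_mirror` comes back True (172.22.100.28/30 to 10.1.0.0/24 on one side, 10.1.0.0/24 to 172.22.100.28/30 on the other), so mismatched proxy IDs can be ruled out before looking at the filter and the tunnel state.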

Please try to remove the vpn filter from both sites and test. Let me know how it goes.

-

AJ

I just noticed something that surprises me. I am not sure whether it relates to the problem but want to ask about it. On the 5512 the crypto map specifies the peer address as if that address is static

crypto map Internet_map3 1 set peer <Cisco-5505-Public-IP>

But in the config posted for the 5505 the outside interface learns its IP using DHCP. When a device learns its outside IP using DHCP it usually means that the peer would have a dynamic crypto map entry to accommodate the dynamic IP. Can you confirm or comment on what I observe?

HTH

Rick
