Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
3
Replies

ASA 5505 VPN Issue

allenk1052
Level 1
Level 1

‎07-19-2017 06:51 AM

Hello all,

I have a client , with a ASA 5505.

Trying to configure VPN

Doing so, I get the following error

Connection for udp src outside:192.168.150.100 dst inside:192.168.2.2 denied due to NAT reverse path failure. 

Wondering if anyone has any 1st steps to try ?

Any information appreciated

Thanks all, and Best Regards,

Allen

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-19-2017 06:59 AM

We need some more information. Can you share the ASA configuration, the type of VPN (IPsec or SSL) and confirm that the client is trying to connect via the outside interface?

The syslog message you shared is not by itself VPN-related but rather specific to NAT. You will get it if you try to connect to an address that is allowed by ACL but where the opposite direction of the  traffic flow would be NATted.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-19-2017 07:26 AM

Hi,

It seems you may have a conflicting NAT statement which can trigger this error.

If possible share the packet tracer for this traffic.

As suggested by Marvin please share the information requested by him as well.

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

Shankar Murali
Level 1
Level 1

‎07-20-2017 02:57 AM

From the available information i believe it is Lan-Lan IPSec vpn. In that case can you check the status of phase1 and phase2 by using the commands "sh cryp isakmp sa" and "sh cryp ipsec sa".

-Shankar

0 Helpful
Customers Also Viewed These Support Documents