Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1891
Views
0
Helpful
1
Replies

ASA 5510 Site to Site VPN , reverse path failure

karrerraphael
Level 1
Level 1

‎10-27-2010 03:54 AM

hi.

I've setup an site to site vpn.

The tunnel's built successful, from both side i can ping the device, but i can't ping or reach any computer/server in each site.

When i check the log i've this message :

Asymetric NAT rules matches for forward et reverse flow ; Connection for udp src outside:192.168.13.130/50222 dst inside:192.168.10.71:161 denied to NAT reverse path failure

I guess it'd be something idiot, probably dns issue, but i'm not sure.

Any ideas ?

In attachement ShowRuningConfig.

Labels:
Preview file
18 KB
0 Helpful
1 Reply 1

praprama
Cisco Employee
Cisco Employee

‎10-27-2010 07:57 AM

Hi,

Based on your config you seem to be missing the NAT exemption config for your VPN tunnel. Please refer to the below DOC for help on this:

https://supportforums.cisco.com/docs/DOC-11639

In your case, obj-local will be 0.0.0.0/0 (based on access-list outside_cryptomap) and the obj-remote will be 192.168.13.0/24.

Let me know if this helps!!

Thanks and Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents