05-08-2015 05:27 AM
Hi All,
I have a tunnel established between Site A and Site B. Post-configuration the tunnel was up; however, inbound traffic from the other end is not working.
I enabled outside NAT on the ASA.
Nat (outside) 3 10.77.215.0 255.255.255.128
global (Inside) 3 10.238.214.2
This is the error I am getting in the box.
May 08 2015 08:02:41 TRV-DAL-CUSTVPN-FW1 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src OUTSIDE:10.77.215.80 dst INSIDE:10.240.61.232 (type 8, code 0) denied due to NAT reverse path failure
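Added example, not part of the original post: a small Python parser for the %ASA-5-305013 message quoted above. It groups denied flows and marks whether each source address falls inside the network of the `nat (outside) 3` rule, which shows at a glance which NAT rule the reverse-path failures line up with. Only the first sample line comes from the post; the other log lines, the function names and the TCP/port form of the message are assumptions made for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Source network of the "nat (outside) 3" rule quoted in the post.
OUTSIDE_NAT_NET = ip_network("10.77.215.0/25")

# %ASA-5-305013; ports are expected for tcp/udp, "(type, code)" for icmp.
MSG_305013 = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : "
    r"%ASA-5-305013: .*?Connection for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))? "
    r"denied due to NAT reverse path failure"
)

HEAD = ("TRV-DAL-CUSTVPN-FW1 : %ASA-5-305013: Asymmetric NAT rules matched "
        "for forward and reverse flows; Connection for ")
TAIL = " denied due to NAT reverse path failure"
# First line is from the post; the rest are constructed for this example.
SAMPLE_LOG = [
    "May 08 2015 08:02:41 " + HEAD + "icmp src OUTSIDE:10.77.215.80 dst INSIDE:10.240.61.232 (type 8, code 0)" + TAIL,
    "May 08 2015 08:02:55 " + HEAD + "icmp src OUTSIDE:10.77.215.81 dst INSIDE:10.240.61.232 (type 8, code 0)" + TAIL,
    "May 08 2015 08:03:10 " + HEAD + "tcp src OUTSIDE:10.77.215.200/51514 dst INSIDE:10.240.61.232/443" + TAIL,
    "May 08 2015 08:03:15 TRV-DAL-CUSTVPN-FW1 : %ASA-6-302021: Teardown ICMP connection for faddr 10.77.215.80/0 gaddr 10.240.61.232/0 laddr 10.240.61.232/0",
]

def parse_305013(line):
    """Return the message fields as a dict, or None for any other log line."""
    m = MSG_305013.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count denials per (src_if, dst_if, proto, dst_ip, source-in-NAT-rule)."""
    counts = Counter()
    for line in lines:
        rec = parse_305013(line)
        if rec is None:
            continue  # not a NAT reverse path failure
        in_rule = ip_address(rec["src_ip"]) in OUTSIDE_NAT_NET
        counts[(rec["src_if"], rec["dst_if"], rec["proto"], rec["dst_ip"], in_rule)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```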
05-08-2015 06:21 AM
What do you want to achieve? Do you really have to NAT the tunnel-traffic? If not needed, configuring NAT-Exemption would be the better way.
05-08-2015 11:21 AM
When you define NAT for traffic traversing from a low to a high security interface, you need to use the outside keyword at the end of the nat statement:
Nat (outside) 3 10.77.215.0 255.255.255.128 outside
Moh.
05-13-2015 02:11 AM
Hi Mohammad,
I did that, but it was affecting other static NATs. When I checked with Cisco TAC, they said I need to disable nat control in order to enable it.