Showing results for 
Search instead for 
Did you mean: 

Outside NAT is not working when the traffic is comming via Site to Site tunnel

Hi All,


I have a tunnel established between Site A to Site B, post configuration tunnel was up, however inbound traffic from the other end is not working.


I enabled outside Nat in the ASA.


Nat (outside) 3

global (Inside) 3


This is the error I am getting in the box.


May 08 2015 08:02:41 TRV-DAL-CUSTVPN-FW1 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src OUTSIDE: dst INSIDE: (type 8, code 0) denied due to NAT reverse path failure




3 Replies 3

What do you want to achieve? Do you really have to NAT the tunnel-traffic? If not needed, configuring NAT-Exemption would be the better way.

Mohammad Alhyari
Cisco Employee
Cisco Employee

When you define nat for a traffic traversing from a low to high security interface you need to use the outside keyword at the end of the nat statement :

Nat (outside) 3 outside.



Hi Mohammad,


I did that but it was affecting other static NATs, when I checked with CISCO TAC they said I need to disable nat control in order to enable it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: