Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
736
Views
0
Helpful
2
Replies

VPN NAT issues

sambillings459
Level 1
Level 1

‎08-22-2017 12:48 PM - edited ‎03-12-2019 04:29 AM

Hi Experts,

 

I have some issue going on with site-site VPN, we are doing NAT for our internal subnets and to avoid conflicts we are also doing destination NAT.

 

This is new site-site VPN setup, not sure what went wrong. when we tried to do TCP ping on the other side of the tunnel, it is not pinging  and not even the phase1 is coming up

 

 when checked the logs we are getting some strange logs..please see the below logs

 

Aug 22 2017 19:18:37 10.11.12.13 : %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; connection for src inside:172.21.2.2/223 dst outside:172.16.24/25/80 denied due to NAT reverse path failure

 

I would really appreciate any help.

 

Thanks

SAM

Labels:
0 Helpful
2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎08-22-2017 03:12 PM

Hi,

 

Please move the NAT used for this VPN tunnel to line 1.

 

For instance:

 

nat (inside,outside) 1 source static obj-A obj-A destination static obj-b obj-b

 

 

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

sambillings459
Level 1
Level 1
In response to Aditya Ganjoo

‎08-23-2017 07:41 AM

Hi Aditya,

 

Thanks for your quick response. can you please have a look at the attachment with this message. I have mentioned every thing in the attachement.. please let me know if you need any further information

 

Thanks

SAM

Preview file
47 KB
0 Helpful
Customers Also Viewed These Support Documents