ASA 5520 implicit deny

Dec 9th, 2007

I am having an issue with the ASA. I am getting the error below when I run packet-tracer. Please see my config, also below.


packet-tracer input inside udp 172.16.21.14 radius 10.50.1.9 radius$

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.50.0.0 255.255.0.0 inside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x3f76d88, priority=500, domain=permit, deny=true
hits=23, user_data=0x6, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=172.16.21.14, mask=255.255.255.255, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule


Running config attached.

How can I fix this?



husycisco Mon, 12/10/2007 - 00:38

Try adding this:


nat (inside) 0 10.50.0.0 255.255.0.0
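
An added example, not part of the original thread: a small parser for packet-tracer output like the trace in the question, which names the first phase that dropped the flow, whether the match was the implicit rule, and whether the input and output interfaces are the same. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the trace from the question, trimmed to the fields parsed here.
SAMPLE = """\
Phase: 2
Type: ROUTE-LOOKUP
Result: ALLOW
Phase: 3
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
KEY = re.compile(r"^([A-Za-z][A-Za-z -]*):\s*(.*)$")

def parse_trace(text):
    # Returns (list of per-phase dicts, final "Result:" summary dict).
    phases, summary, cur, in_cfg = [], {"Config": []}, {"Config": []}, False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KEY.match(line)
        key, val = m.groups() if m else (None, line)
        if key == "Phase":
            cur, in_cfg = {"Phase": int(val), "Config": []}, False
            phases.append(cur)
        elif key == "Result" and not val:  # bare "Result:" opens the summary
            cur, in_cfg = summary, False
        elif key in ("Config", "Additional Information"):
            in_cfg = key == "Config"
        elif in_cfg:  # lines between "Config:" and "Additional Information:"
            cur["Config"].append(line)
        elif key:
            cur[key] = val
    return phases, summary

def diagnose(text):
    # Report the first DROP phase and the interface pair from the summary.
    phases, summary = parse_trace(text)
    drop = next((p for p in phases if p.get("Result") == "DROP"), {"Config": []})
    ifin, ifout = summary.get("input-interface"), summary.get("output-interface")
    return {"drop_phase": drop.get("Phase"), "drop_type": drop.get("Type"),
            "implicit_rule": "Implicit Rule" in drop["Config"],
            "same_interface": ifin is not None and ifin == ifout,
            "drop_reason": summary.get("Drop-reason")}
```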
