ciscoasa#packet-tracer input inside tcp 10.1.1.10 http 192.123.123.135 http detailed

Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.123.123.128 255.255.255.128 outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
 Forward Flow based lookup yields rule:
 in id=0xc95e9028, priority=12, domain=permit, deny=false
    hits=1852, user_data=0xc793c350, cs_id=0x0, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in id=0xc959c248, priority=0, domain=inspect-ip-options, deny=true
    hits=4004, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Phase: 4
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
  match ip inside 10.1.1.0 255.255.255.128 outside 192.123.123.128 255.255.255.128
    NAT exempt
    translate_hits = 6, untranslate_hits = 0
Additional Information:
 Forward Flow based lookup yields rule:
 in id=0xc9e73d50, priority=6, domain=nat-exempt, deny=false
    hits=6, user_data=0xc9bfc450, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
    src ip=10.1.1.0, mask=255.255.255.128, port=0
    dst ip=192.123.123.128, mask=255.255.255.128, port=0, dscp=0x0

Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any outside any
    dynamic translation to pool 1 (10.1.1.135 [Interface PAT])
    translate_hits = 369, untranslate_hits = 11
Additional Information:
 Forward Flow based lookup yields rule:
 in id=0xc9e99408, priority=1, domain=nat, deny=false
    hits=375, user_data=0xc9bd7d78, cs_id=0x0, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Phase: 6
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
Additional Information:
 Forward Flow based lookup yields rule:
 in id=0xc9e86bf8, priority=1, domain=host, deny=false
    hits=593, user_data=0xc9a891a8, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Phase: 7
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0xc9e84320, priority=70, domain=encrypt, deny=false
    hits=5, user_data=0x72e8b4, cs_id=0xc9a881f0, reverse, flags=0x0, protocol=0
    src ip=10.1.1.0, mask=255.255.255.128, port=0
    dst ip=192.123.123.128, mask=255.255.255.128, port=0, dscp=0x0

Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
 Reverse Flow based lookup yields rule:
 in id=0xc9e848b8, priority=69, domain=ipsec-tunnel-flow, deny=false
    hits=5, user_data=0x7573d4, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=192.123.123.128, mask=255.255.255.128, port=0
    dst ip=10.1.1.0, mask=255.255.255.128, port=0, dscp=0x0

Phase: 9
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Reverse Flow based lookup yields rule:
 in id=0xc95e5ec8, priority=0, domain=inspect-ip-options, deny=true
    hits=1892, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 2931, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow