Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT on Cisco ASA 5550 v8.3(2)

Not very familiar with ASA and NAT'ing in general so hopefully, this will make sense.

I've created a Site-to-Site IPSec VPN tunnel with one of our clients (who uses a PIX).  The remote user can connect to our local, private LAN servers without a problem.  However, when the remote user tries to connect to servers on our corporate network (which is linked over WAN routers from LA to Dallas) they cant get through.

When I run Packet Trace in ASDM on our ASA all is well until the packet attempts to traverse from the Inside interface back through the Outside interface (back to the remote client side of the VPN tunnel).

I see the following "error" within the Packet Trace tool;


Type - NAT    Subtype - rpf-check    Action - DROP


object network obj_any

nat (inside,outside) dynamic interface


I've attached my ASA config.  The remote client-side address is, its being PAT'd to and the remote host/network its not able to reach is ( /24 net mask).  The local segment in my LA network is and the servers in this network are all able to communicate with the remote client-side user at

This seems simple, so I'm sure my lack of knowledge is the main ingredient here.  Any help would be greatly appreciated.  as previously stated, I've attached a .txt file of my ASA config.


NAT on Cisco ASA 5550 v8.3(2)


nat (inside,outside) source static alb-net1 alb-net1 destination static obj- obj-


object network alb-net1


description Created during name migration  object network alb-net1
! does not cover the subnet Also, make sure your corp n/w routers have route to the remote network.



New Member

NAT on Cisco ASA 5550 v8.3(2)

This ended up being a Crypto Map issue.

CreatePlease to create content