I have just completed my first ASA install using 8.4 software. I was OK with 8.2 and prior for NAT, but I am running into an issue with the 8.4 setup.
I have a 5585 that is running multiple contexts, and one of the contexts connects to a Cisco WLC on its inside interface. Wireless users are able to associate to the WLAN fine, but their DHCP server is upstream on the outside of the ASA. My issue is that when clients attempt to grab a DHCP address, the DHCP offer is being dropped by the firewall due to:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:192.168.200.84/67 dst inside:192.168.79.14/67 denied due to NAT reverse path failure
The DHCP server is upstream and is 192.168.200.84, and 192.168.79.14 is the WLAN interface on the WLC. Can someone please have a look over my config and advise where I am going wrong?
Below is the complete config for the context, keep in mind that this is only in test at the moment and is presently completely private, there is no public access presently.
Turns out I had a number of configuration issues. I got these resolved with the help of the members that replied. Much appreciated for the assistance and my newfound working understanding of NAT in 8.4.