ciscoasa# packet-tracer input dmz3 icmp 17.50.1.21 0 8 172.20.1.53 det

Phase: 1

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 2

Type: UN-NAT

Subtype: static

Result: ALLOW

Config:

static (inside,dmz3) 172.20.1.0 172.20.1.0 netmask 255.255.255.0

nat-control

match ip inside 172.20.1.0 255.255.255.0 dmz3 any

static translation to 172.20.1.0

translate_hits = 2, untranslate_hits = 1816

Additional Information:

NAT divert to egress interface inside

Untranslate 172.20.1.0/0 to 172.20.1.0/0 using netmask 255.255.255.0

Phase: 3

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xac2bd1b0, priority=0, domain=permit, deny=true

hits=1827, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0

src ip=0.0.0.0, mask=0.0.0.0, port=0

dst ip=0.0.0.0, mask=0.0.0.0, port=0

Result:

input-interface: dmz3

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

what this error mean? i dont know