Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Packet tracer shows: drop

Hello:

I have ASA 5510 and when I ran packet-tracer from dmz to outside and I noticed that on Phase 5 is show drop with this error "

(sp-security-failed) Slowpath security checks failed"

Could someone please one tell me if the NAT is sending traffic out or the setup is correct and what is that error means.

Thx,

HP

Phase: 5

Type: NAT

Subtype: host-limits

Result: ALLOW

Config:

static (dmz,outside) 63.64.244.xxx 172.16.10.174 netmask 255.255.255.255

  match ip dmz host 172.16.10.174 outside any

    static translation to 63.64.244.xxx

    translate_hits = 8, untranslate_hits = 5102

Additional Information:

Forward Flow based lookup yields rule:

in  id=0xa72b4090, priority=5, domain=host, deny=false

        hits=378, user_data=0xa72b3df8, cs_id=0x0, reverse, flags=0x0, protocol=0

        src ip=172.16.10.174, mask=255.255.255.255, port=0

        dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Result:

input-interface: dmz

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (sp-security-failed) Slowpath security checks failed

117
Views
0
Helpful
0
Replies