Cisco Support Community
New Member

ASA 5510 Site to Site VPN , reverse path failure

Hi.

I've set up a site-to-site VPN.

The tunnel is built successfully; from both sides I can ping the device, but I can't ping or reach any computer/server in each site.

When I check the log I have this message:

Asymetric NAT rules matches for forward et reverse flow ; Connection for udp src outside:192.168.13.130/50222 dst inside:192.168.10.71:161 denied to NAT reverse path failure

I guess it'd be something idiotic, probably a DNS issue, but I'm not sure.

Any ideas?

In attachment: ShowRuningConfig.

1 REPLY
Cisco Employee

Re: ASA 5510 Site to Site VPN , reverse path failure

Hi,

Based on your config you seem to be missing the NAT exemption config for your VPN tunnel. Please refer to the below DOC for help on this:

https://supportforums.cisco.com/docs/DOC-11639

In your case, obj-local will be 0.0.0.0/0 (based on access-list outside_cryptomap) and the obj-remote will be 192.168.13.0/24.

Let me know if this helps!!

Thanks and Regards,

Prapanch
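
The NAT exemption described in the reply, written out as ASA configuration. This is an added example, not taken from the thread or the linked document; it assumes the interfaces are named inside and outside as in the log message, that the first form runs on ASA software 8.3 or later, and the ACL name nonat is hypothetical.

```cisco
! ASA 8.3 and later: identity (twice) NAT for the VPN traffic.
! obj-local / obj-remote carry the values given in the reply.
object network obj-local
 subnet 0.0.0.0 0.0.0.0
object network obj-remote
 subnet 192.168.13.0 255.255.255.0
! Translate local-to-remote traffic to itself so it bypasses the dynamic NAT/PAT rule
! and the forward and reverse flows match the same rule.
nat (inside,outside) source static obj-local obj-local destination static obj-remote obj-remote
! On 8.4(2) and later, "no-proxy-arp route-lookup" is commonly appended to this rule.

! ASA 8.2 and earlier: NAT 0 with an ACL (ACL name "nonat" is hypothetical).
access-list nonat extended permit ip any 192.168.13.0 255.255.255.0
nat (inside) 0 access-list nonat

! Verify: trace the return direction of the flow from the log entry
! and check which NAT rule it hits.
packet-tracer input inside udp 192.168.10.71 161 192.168.13.130 50222 detailed
! 8.3 and later only:
show nat detail
```

Only one of the two forms applies to a given device, depending on its software version.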
