305013: Connection denied due to NAT reverse path failure
Cisco ASA is a security device that provides the combined capabilities of a firewall, an antivirus, and an intrusion prevention system. It also facilitates virtual private network (VPN) connections. It helps to detect threats and stop attacks before they spread through the network.
Message: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection protocol src interface_name: source_address /source_port [(idfw_user)] dst interface_name: dst_address /dst_port [(idfw_user)] denied due to NAT reverse path failure.
Event 305013 is generated when an attempt to connect to a mapped host using its actual address is rejected.
How could you resolve this situation?
When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the 'inspect' command if the application embeds the IP address.
Cisco ASA Auditing Tool
EventLog Analyzer is a comprehensive log management software with which you can centrally collect, analyze, and manage logs from all the different log sources in your network. You also get reports and alerts on your network security, making it a power-packed IT security tool.
Our support team will contact you shortly.