305013: Connection denied due to NAT reverse path failure
Cisco ASA is a security device that provides the combined capabilities of a firewall, an antivirus, and an intrusion prevention system. It also facilitates virtual private network (VPN) connections. It helps to detect threats and stop attacks before they spread through the network.
Message: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection protocol src interface_name: source_address /source_port [(idfw_user)] dst interface_name: dst_address /dst_port [(idfw_user)] denied due to NAT reverse path failure.
Event 305013 is generated when an attempt to connect to a mapped host using its actual address is rejected.
How could you resolve this situation?
When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the 'inspect' command if the application embeds the IP address.