HF-1604-ASA01# packet-tracer input inside tcp 192.168.5.1 1024 10.10.0.1 5061$ Phase: 1 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: in 0.0.0.0 0.0.0.0 via 24.191.192.1, outside Phase: 2 Type: UN-NAT Subtype: static Result: ALLOW Config: nat (inside,outside) source static SHF-1604LAN SHF-1604LAN destination static SHF-remotesubnets SHF-remotesubnets no-proxy-arp route-lookup Additional Information: NAT divert to egress interface outside Untranslate 10.10.0.1/5061 to 10.10.0.1/5061 Phase: 3 Type: NAT Subtype: Result: ALLOW Config: nat (inside,outside) source static SHF-1604LAN SHF-1604LAN destination static SHF-remotesubnets SHF-remotesubnets no-proxy-arp route-lookup Additional Information: Static translate 192.168.5.1/1024 to 192.168.5.1/1024 Forward Flow based lookup yields rule: in id=0xccd92798, priority=6, domain=nat, deny=false hits=8, user_data=0xcc355b60, cs_id=0x0, flags=0x0, protocol=0 src ip/id=192.168.5.0, mask=255.255.255.0, port=0, tag=0 dst ip/id=10.10.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0 input_ifc=inside, output_ifc=outside Phase: 4 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true hits=1428307, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0 dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0 input_ifc=any, output_ifc=any Phase: 5 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xcc304c00, priority=0, domain=inspect-ip-options, deny=true hits=916751, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0 dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 6 Type: HOST-LIMIT Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xcc3399c8, priority=0, domain=host-limit, deny=false hits=3477, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0 dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 7 Type: VPN Subtype: encrypt Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: out id=0xccd9b258, priority=70, domain=encrypt, deny=false hits=3, user_data=0x1f9d39c, cs_id=0xccabc718, reverse, flags=0x0, protocol=0 src ip/id=192.168.5.0, mask=255.255.255.0, port=0, tag=0 dst ip/id=10.10.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0 input_ifc=any, output_ifc=outside Phase: 8 Type: NAT Subtype: rpf-check Result: ALLOW Config: nat (inside,outside) source static SHF-1604LAN SHF-1604LAN destination static SHF-remotesubnets SHF-remotesubnets no-proxy-arp route-lookup Additional Information: Forward Flow based lookup yields rule: out id=0xccc41878, priority=6, domain=nat-reverse, deny=false hits=7, user_data=0xcc355c18, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=192.168.5.0, mask=255.255.255.0, port=0, tag=0 dst ip/id=10.10.0.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0 input_ifc=inside, output_ifc=outside Phase: 9 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xccd8e480, priority=70, domain=ipsec-tunnel-flow, deny=false hits=3, user_data=0x1fa289c, cs_id=0xccabc718, reverse, flags=0x0, protocol=0 src ip/id=10.10.0.0, mask=255.255.255.0, port=0, tag=0 dst ip/id=192.168.5.0, mask=255.255.255.0, port=0, tag=0, dscp=0x0 input_ifc=outside, output_ifc=any Phase: 10 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true hits=1428309, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0 dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0 input_ifc=any, output_ifc=any Phase: 11 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xcc32fc88, priority=0, domain=inspect-ip-options, deny=true hits=1174710, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0 dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0 input_ifc=outside, output_ifc=any Phase: 12 Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 1061029, packet dispatched to next module Module information for forward flow ... snp_fp_tracer_drop snp_fp_inspect_ip_options snp_fp_tcp_normalizer snp_fp_translate snp_fp_adjacency snp_fp_encrypt snp_fp_fragment snp_ifc_stat Module information for reverse flow ... snp_fp_tracer_drop snp_fp_inspect_ip_options snp_fp_ipsec_tunnel_flow snp_fp_translate snp_fp_tcp_normalizer snp_fp_adjacency snp_fp_fragment snp_ifc_stat Result: input-interface: inside input-status: up input-line-status: up output-interface: outside output-status: up output-line-status: up Action: allow