Yeah, it is actually for the pre-NAT address (first undo NAT) but the point
is to first use XLATE to choose the egress interface and then look into the
RIB for actual prefix with the Next-Hop via this XLATE-selected interface
Regards,
-- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com On Fri, Feb 3, 2012 at 7:53 PM, Bogdan Sass <bogd.no.spam_at_gmail.com> wrote: > And as usual, the moment you ask others for help, you think of > something new, and... it proves to be the solution! > > In my case, I had forgotten to add the route to the private > (192.168.0.0) network on the ASA. So the firewall dropped the packet. > > Strangely enough, I'm sure I had that route in there some time > during my troubleshooting. But my ASA disagrees with me, and the > firewall is always right :P . Well... I guess I'm lucky it happened now > and not during the lab > > <snip> > > -- > Bogdan Sass > CCSP,LPIC-1,VCP5,CCIE #22221 (RS) > Information Systems Security Professional > "Curiosity was framed - ignorance killed the cat" > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Fri Feb 03 2012 - 19:58:13 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART