NAT reverse path failure

Hello guys,

We are having a problem with a Web VPN between two ASAs. These are two test environments, but we need connectivity between the two to move large quantities of data to and from each. The ASA at Site 1 (ASA 1) is running 8.3 code and the ASA at Site 2 is running 8.2 code. The VPN is up, but traffic does not get through. Site 2 can send but not receive, and Site 1 can receive but not send. The only error I get is at Site 1, and it is below.

               

Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.255.1.100 dst inside:172.16.1.20 (type 8, code 0) denied due to NAT reverse path failure

Site 1 is a flat network. There is an ASA used as the gateway, but the local network is simply a flat class B subnet. No additional VLANs or routing, only switches connected back to each other on the same subnet. The trusted network is 172.16.0.0/16.

Site 2 is a little more complex. It has an ASA with a link to a Cisco 6500 that hosts a FWSM. The network that needs to talk over the VPN is behind the FWSM and is 10.255.1.0/24. I have attached a diagram. The ASA at Site 2 doesn't have a link on the 10.255.1.0 network, but it has a route to reach it via the 10.255.255.x network. Currently the Site 2 ASA can see the 10.255.1.0 network with no problems. We need this 10.255.1.0 network to reach the 172.16.0.0 network at Site 1 over the VPN.

When traffic originates from Site 2, the VPN comes up successfully, but the traffic does not get through. I see logs on the FWSM and ASA showing traffic hitting both, so I'm confident the traffic successfully left Site 2. Site 1 is where I get the above error. When I originate traffic from Site 1, I don't see anything on the Site 2 ASA or FWSM. This seems to be a problem with the Site A ASA's NAT, but if you want the configurations, let me know and I will post them.

Thanks in advance to all those who help!

Hello,

Do you have the crypto ACL at both ends? I mean, it takes a mirrored ACL at both ends. And do you have the no-nat rule configured for this?

Say your Site 1: ASA 8.3

! crypto_acl is a placeholder; the ACL name is missing from the post
access-list crypto_acl extended permit ip 172.16.0.0 255.255.0.0 10.255.1.0 255.255.255.0
object network locallan
 subnet 172.16.0.0 255.255.0.0
object network remotelan
 subnet 10.255.1.0 255.255.255.0
nat (inside,outside) source static locallan locallan destination static remotelan remotelan

Say your Site 2: ASA 8.2

! crypto_acl is a placeholder; the ACL name is missing from the post
access-list crypto_acl extended permit ip 10.255.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list no-nat extended permit ip 10.255.1.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list no-nat

Regards,

Knockaert
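The mirrored-ACL and no-nat check from the reply above, as an added Python example that is not part of the original thread: it verifies that the two crypto ACLs mirror each other and that each end exempts the tunnelled traffic from NAT. The configs are constructed from the reply; the ACL name crypto_acl and all function names are assumptions, and only the command forms shown in the thread are parsed.

```python
"""Added example: check a site-to-site pair for mirrored crypto ACLs and
NAT exemption that covers the tunnelled traffic on each end."""
import ipaddress
import re

# Constructed configs following the reply above; the ACL name crypto_acl is an assumption.
SITE1_83 = """
access-list crypto_acl extended permit ip 172.16.0.0 255.255.0.0 10.255.1.0 255.255.255.0
object network locallan
 subnet 172.16.0.0 255.255.0.0
object network remotelan
 subnet 10.255.1.0 255.255.255.0
nat (inside,outside) source static locallan locallan destination static remotelan remotelan
"""
SITE2_82 = """
access-list crypto_acl extended permit ip 10.255.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list no-nat extended permit ip 10.255.1.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list no-nat
"""

# Only the command forms shown in the thread are parsed.
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
OBJ_RE = re.compile(r"^object network (\S+)\n subnet (\S+) (\S+)$", re.M)
NAT83_RE = re.compile(
    r"^nat \(\S+,\S+\) source static (\S+) (\S+) destination static (\S+) (\S+)$", re.M)
NAT82_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$", re.M)


def net(addr, mask):
    """Build a network from the address/netmask pair used in ASA commands."""
    return ipaddress.ip_network(f"{addr}/{mask}")


def acls(cfg):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    out = {}
    for name, src, smask, dst, dmask in ACL_RE.findall(cfg):
        out.setdefault(name, []).append((net(src, smask), net(dst, dmask)))
    return out


def exemptions(cfg):
    """Return (src_net, dst_net) pairs that the config exempts from NAT."""
    objs = {name: net(addr, mask) for name, addr, mask in OBJ_RE.findall(cfg)}
    pairs = []
    # 8.3 twice NAT: an exemption is an identity translation on both sides.
    for s_real, s_mapped, d_mapped, d_real in NAT83_RE.findall(cfg):
        identity = s_real == s_mapped and d_mapped == d_real
        if identity and s_real in objs and d_real in objs:
            pairs.append((objs[s_real], objs[d_real]))
    # 8.2: 'nat (ifc) 0 access-list NAME' exempts whatever the ACL permits.
    table = acls(cfg)
    for name in NAT82_RE.findall(cfg):
        pairs.extend(table.get(name, []))
    return pairs


def check_tunnel(cfg_a, cfg_b, crypto_name="crypto_acl"):
    """Return a list of findings; an empty list means both ends agree."""
    findings = []
    a = acls(cfg_a).get(crypto_name, [])
    b = acls(cfg_b).get(crypto_name, [])
    if {(dst, src) for src, dst in a} != set(b):
        findings.append("crypto ACLs are not mirror images")
    for label, cfg, entries in (("A", cfg_a, a), ("B", cfg_b, b)):
        exempt = exemptions(cfg)
        for src, dst in entries:
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                findings.append(
                    f"site {label}: {src} -> {dst} is encrypted but not exempt from NAT")
    return findings


if __name__ == "__main__":
    print(check_tunnel(SITE1_83, SITE2_82) or "both ends consistent")
    # Constructed failure case: Site 2 without its no-nat rule.
    broken = SITE2_82.replace("nat (inside) 0 access-list no-nat\n", "")
    print(check_tunnel(SITE1_83, broken))
```

A finding of the "not exempt from NAT" kind means tunnelled traffic can match a different NAT rule in one direction than in the other, which is the condition the 305013 message reports.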

Tags: Cisco Security

Similar Questions

  • ASA5505 SSL AnyConnect VPN and NAT Reverse Path failure

    I have worked on this for a while and just have not found a solution yet.

    I have a Cisco ASA5505 set up at home and I am trying to use the AnyConnect VPN client to connect to it.  I followed the ASA 8.x split tunnel example but I am still missing something.

    My home network is 10.170.x.x and I set the VPN address pool to 10.170.13.x. I have a Windows workstation running at 10.170.0.6, printers at 10.170.0.20 and 21, and the inside of the router itself is 10.170.0.1.

    I can connect from the outside and am assigned an IP address of 10.170.13.10, but when I try to access network resources via ICMP or open a web page, the ASDM log shows a bunch of this:

    5 | January 27, 2010 | 10:33:37 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:36 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:35 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:34 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:30 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:29 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:28 | 305013 | 10.170.255.255 | 137 | Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.170.13.10/137 dst inside:10.170.255.255/137 denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:28 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:23 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:17 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:13 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure
    5 | January 27, 2010 | 10:33:07 | 305013 | 10.170.0.6 | Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.170.13.10 dst inside:10.170.0.6 (type 8, code 0) denied due to NAT reverse path failure

    I tried several things with NAT, but was not able to get beyond that.  Does anyone mind looking at my running config and helping me with this?  Thanks a bunch!

    -Tim

    A couple of points to check.

    name 10.17.13.0 UFP-VPN-pool

    looks like it should be

    name 10.170.13.0 UFP-VPN-pool

    inside_nat0_outbound to access extended list ip allow list zero 255.255.0.0 255.255.255.0 UFP-VPN-pool

    Looks like that one

    inside_nat0_outbound to list extended ip access list zero UFP-VPN-pool 255.255.255.0 255.255.255.0 allow

  • I have somehow blocked a contact by mistake. How can I reverse that?

    I have somehow blocked a contact by mistake.  How can I reverse that?  Make sure not to be too technical.  I am in my seventies and not fully computer.  Thank you

    Be just cause, you are in your 70s is no excuse the age card game.

    You did not bother to tell what mail program you use. It was said that in messages before.

  • My laptop xp display Dim on current alternative and light on the battery! How reverse that?

    Original title: display dims

    My laptop xp display Dim on current alternative and light on the battery!  How reverse that?

    Hello KarenJudyOrdoyne,

    Thanks for the return of the response.  I've included the Dell Web site below for the latest drivers, firmware and BIOS updates.  I would like to confirm that you are the first on the updates.

    Dell support:

    http://support.Dell.com/support/topics/global.aspx/support/KCS/document?docid=427825

    If you look in the support section, other users have reported this problem.  In some cases, replace the power supply cable has solved this problem and I show other update to the latest BIOS update and this has changed.

    Also, do you have the Dell Diagnostics on your computer?  This is usually installed by the manufacturer, but you can run a test to determine if there is a hardware problem.

    I hope this helps!

  • BB10 cannot install the debug - result::failure 532 that all development 100 slots are already in use

    I get an error when I try to deploy a debug bar file on a Z30:

    result::failure 532 all development 100 slots are already in use

    I removed all applications development, renewed my debugging token, rebooted momentics and restarted the unit, but the error persists.

    I'll wipe the next device, but someone has run into this, or know a quicker fix?

    A BlackBerry signing account limits the creation of debug tokens to 100 unique BlackBerry PINs.  If you try to create more, you get the error below.

    Debug tokens expire after 30 days; once the token for a PIN expires, you will be able to create one again.

    Note that this does not affect the renewal of tokens.  If you renew a token before it expires, it still uses only 1 allocation.

  • Make the selection of the path is reversed!

    As always seems to be the case, suddenly and without warning, and even if I did NOTHING WRONG... OK, I'm sure I did SOMETHING, but it's super annoying HELP!

    I normally bubbles for comics by a selection of oval around the text, and then using the path tool to draw the little arrow and add it to the selection. But for some reason, whenever I do now, it selects the entire screen except for the part where is the path. It is essentially reversed.

    What should I do? Just reverse the selection won't work because I lose my oval in this way. Redraw it works, but it's a pretty inelegant solution to the problem.

    With the pen tool is selected, you have the button to subtract from path area ?

    If so, press the button Add to path area to the left of it.

    -Christmas

  • Analyze the failure because that returned data have XML as code

    I have a HTTPService that makes a call to a PHP file to collect some data from a database of vulnerabilities. It works 99.9% of the time. However, there are some cases when I get the following text:

    [RPC Fault faultString="Error #1090: XML parser failure: element is malformed." faultCode="Client.CouldNotDecode" faultDetail="null"]
    at mx.rpc.http::HTTPService/http://www.adobe.com/2006/flex/mx/internal::processResult()
    at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::resultHandler()
    at mx.rpc::Responder/result()
    at mx.rpc::AsyncRequest/acknowledge()
    at DirectHTTPMessageResponder/completeHandler()
    at flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/flash.net:URLLoader::onComplete()

    I have debugging in my PHP files and I know with certainty that the data is being put into proper XML format for the response. And when compared to every other response that works, it's exactly the same (XML sections / tags).

    However, I have noticed that some of the responses contain data fields like this:

    <Directory /usr/doc>
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from localhost
    </Directory>

    Could it be causing my problem? It is not part of my XML, but rather the data returned by the database about a particular vulnerability in Apache.

    Anyone have any ideas on how to deal with this?

    Thank you
    Chris

    Vygo - that's it! Everything works. My PHP was OK, and technically the MXML was OK too. For some reason, I was using an ItemRenderer in the DataGrid control to display the HTMLText. Once I deleted this section:





    And just kept this part:

    It started working. So thank you very much for your time and help!

    Thank you
    Chris

  • I can't attach text to path but this that any vector?

    I created an image similar to alien points of halftone splat into a vector in a long line. now, I want to bend it around a circle.

    Im not using the alien splat filter because it is for the flash and I want that all vectors!

    Edit: I tried the tool remodel. I need something more specific. He needs to type about half of a perfect circle!

    I do not want to state the obvious here, but have you tried using text
    Create your circles? Diaphragm openings, zero or 'o' in a font suitable for one
    the appropriate size, would achieve a similar effect, no?

    Peter
    _________________________
    "ToffeeCrisp" wrote in message
    News:fbpctf$1fl$1@forums. Macromedia.com...
    | the image I created consists of many small vector circles not
    joining
    | to each other. If the pen tool is only good for bend each individual
    circle.
    |
    | I've alterd the path from all backgrounds to union them, I thought that it
    pourrait
    | be a way to fix the path as text. If there is no way to do this
    then it
    | would be a good option for that in the next version!
    |
    | Ive also tried drawing it around the circle, but found it too hard and
    time
    | consume!
    |

  • Windows Search is a failure after that it started

    Windows Search is crashing or failing

    Windows Search crashes or fails after it has started. In addition, an event ID 7042, 100, or 1000 is recorded in the Windows event log, or the Windows Search service is not running.  What can I do to fix this?  Thank you.

    Hello

    Have you made changes on the computer before this problem?

    I would suggest trying the following methods and check if it helps.

    Method 1:

    Run the fixit in the following Microsoft Fixit article and check if the problem persists.

    Difficulty of Windows Desktop Search when it crashes or not display results:

    http://support.Microsoft.com/mats/windows_search/

    Method 2:

    Run the scan tool (SFC) System File Checker and check if it helps.

    How to use the tool File Checker system to troubleshoot missing or corrupted on Windows Vista system files: http://support.microsoft.com/kb/929833

    Method 3:

    Try the steps in the following Microsoft article and check if it works.

    Improve Windows searches using the index: frequently asked questions:

    http://Windows.Microsoft.com/en-us/Windows-Vista/improve-Windows-searches-using-the-index-frequently-asked-questions

    Hope the information is useful.

  • I get a login failure message that reads: unknown username or bad password trying to re-establish a network printer on a Vista computer.

    The printer is set up through a wireless network on a computer to Office XP.  The wireless works fine with vista and XP desktop laptop.  My laptop screens Vista network but the default printer icon is green light, saying that it is not connected properly. Now my laptop Vista wonder a logon user name and password that he never did before. I disabled all the security measures and not still it won't let me.  Any help would be appreciated.

    Hi, Gary Gross,.

    1. did you of recent changes on the computer?

    2. do you have security software installed on the computer?

    I suggest that you disable the password protected sharing on vista computer and check if it works.

    To turn off password protected sharing, follow these steps:

    (a) open the network and sharing Center by clicking the Start button, clicking Control Panel, click network and Internet, click network and sharing Center.

    (b) subject sharing and discovery, click the arrow next to password protected sharing.

    (c) click turn off password protected sharing, and then click apply. If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.

    Sharing files and printers with different versions of Windows

    http://Windows.Microsoft.com/en-us/Windows7/help/sharing-files-and-printers-with-different-versions-of-Windows

    I hope this helps!

    Halima S - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Drive confidence test indicates failure error that 00f0 1332 IRQ was not defined in time

    In my test of confidence in Sata Drive in the diagnosis, he said:

    No additional sense information

    Test results: FAIL

    00f0 code Error 1332

    MSG: Disk - block 26572776

    26572904

    26573032

    26573160

    26573288

    26573416: interrupt request (IRQ) has not been set at the time.

    Can you please tell me what that is and if I can fix it or not.

    This didn't happen until I downloaded the upgrade for windows 7.

    Any help would be really appreciated.

    Hello Terri,

    Thanks for posting your question on the Microsoft community.

    Thank you for details on the issue.

    This problem may occur because of the presence of errors on the hard drive.

    I suggest to run the disk check and see if it helps. Please follow these steps:

    a. Click Start and type cmd in the start search box.

    b. right click on cmd in the search results, then click on run as administrator.

    c. type the following command at the command prompt and press ENTER.

    chkdsk /f /r

    Note: When running chkdsk on the hard drive, if bad sectors are found, data in those sectors may be lost when chkdsk attempts to repair them.

    Where /f fixes errors on the disk and /r locates bad sectors and recovers readable information.

    For reference:
    Run Check Disk from a command line to check and fix disk errors
    https://TechNet.Microsoft.com/en-us/magazine/ee872425.aspx

    I hope this information helps.

    Please let us know if you need more help.

    Thank you

  • The view connection server connection failure - and that's it.

    Hi all

    I use a Windows 10 box with Horizon View Client 5.4.1. Our connections are smart-card enabled. When I run Horizon View, I get the login server and hit connect. I am asked to choose a certificate; I choose the right pair, enter my PIN and then get an error message saying "connection to the view connection server failed." And that's the entire message. When I choose the right certificate, I get "the connection to the view connection server is not. No user could not be found for your certificate." That tells me that it is reaching the server, but without more info, I cannot find the problem.

    I have logged in to Horizon View from other machines, and I can use my smart card with other sites on this computer. Are there ports I should open for Horizon View? What else can I try?

    I started poking around outside of Horizon View and found the problem; I'll leave it here in case anyone else has this problem. I had to go to Internet Options -> Content -> Certificates -> select the certificate -> Advanced and enable Client Authentication.

  • I accidentally put Adobe to open a certain type of file and now know how to reverse that

    How to cancel Adobe as the program to open a certain file type

    Make a right click on the file (of the type that you have attributed by mistake to Adobe Reader), select "Open with", then "choose default program... ", and then in the list of applications installed, choose the right application (which should open files of this type). Who should correct the associated file.

  • I have a video clip taken with a Go Pro.  The clip is upside.  Is it possible in Photos to reverse that?

    I have a video clip taken with a Go Pro.  The camera was upside down when the clip was taken.  I imported it in Photos, and now he is always upside down.  Is it possible to return the clip?

    Not with pictures - you can I think iMovie or QuickTime - export video back in the ouside software and then re-import

    LN

  • ASA 5505 as internet gateway (must reverse NAT)

    Hi all Cisco gurus,

    I have this scheme:

    Office-> Cisco 877-> Internet-> ASA 5505-> remote network

    Office network: 192.168.10.0/24

    Cisco 877 IP internal: 192.168.10.200

    Cisco 877 external IP: a.a.a.a

    ASA 5505 external IP: b.b.b.b

    ASA 5505 internal IP: 192.168.1.3 and 192.168.17.3

    Remote network: 192.168.17.0/24 and 192.168.1.0/24

    The VPN tunnel is up. I have access from the office to the remote network and from the remote network to the office through the tunnel.

    But when I try to access the internet from the remote network (there are 2 VLANs: management and OLD-private), the ASA answers:

    305013 *.*.64.9 53 Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src OLD-Private:192.168.17.138/59949 dst WAN:*.*.64.9/53 denied due to NAT reverse path failure

    Result of a ping from the OLD-private interface to Google:

    110003 192.168.17.2 0 66.102.7.104 0 Routing failed to locate next hop for icmp from NP Identity Ifc:192.168.17.2/0 to OLD-Private:66.102.7.104/0

    Result of traceroute

    How can I fix the reverse NAT and make the ASA an internet gateway?

    Here is my full config

    !
    ASA Version 8.2 (2)
    !
    hostname ASA2
    domain default.domain.invalid
    activate the encrypted password password
    encrypted passwd password
    names of
    !
    interface Vlan1
    Description INTERNET
    1234.5678.0002 Mac address
    nameif WAN
    security-level 100
    IP address b.b.b.b 255.255.248.0
    OSPF cost 10
    !
    interface Vlan2
    OLD-PRIVATE description
    1234.5678.0202 Mac address
    nameif OLD-private
    security-level 0
    IP 192.168.17.3 255.255.255.0
    OSPF cost 10
    !
    interface Vlan6
    Description MANAGEMENT
    1234.5678.0206 Mac address
    nameif management
    security-level 0
    192.168.1.3 IP address 255.255.255.0
    OSPF cost 10
    !
    interface Ethernet0/0
    !
    interface Ethernet0/1
    Shutdown
    !
    interface Ethernet0/2
    Shutdown
    !
    interface Ethernet0/3
    Shutdown
    !
    interface Ethernet0/4
    Shutdown
    !
    interface Ethernet0/5
    Shutdown
    !
    interface Ethernet0/6
    switchport trunk allowed vlan 2.6
    switchport mode trunk
    !
    interface Ethernet0/7
    Shutdown
    !
    connection of the banner * W A R N I N G *.
    banner connect unauthorized access prohibited. All access is
    connection banner monitored, and intruders will be prosecuted
    connection banner to the extent of the law.
    Banner motd * W A R N I N G *.
    Banner motd unauthorised access prohibited. All access is
    Banner motd monitored and trespassers will be prosecuted
    Banner motd to the extent of the law.
    boot system Disk0: / asa822 - k8.bin
    passive FTP mode
    DNS domain-lookup WAN
    DNS server-group DefaultDNS
    Server name dns.dns.dns.dns
    domain default.domain.invalid
    permit same-security-traffic intra-interface
    object-group Protocol TCPUDP
    object-protocol udp
    object-tcp protocol
    object-group service RDP - tcp
    RDP description
    EQ port 3389 object
    Access extensive list ip 192.168.17.0 LAN_nat0_outbound allow 255.255.255.0 192.168.10.0 255.255.255.0
    Standard access list LAN_IP allow 192.168.17.0 255.255.255.0
    WAN_access_in list of allowed ip extended access all any debug log
    WAN_access_in list extended access permitted ip OLD-private interface WAN newspaper inactive debugging interface
    WAN_access_in list extended access permit tcp any object-group RDP any RDP log debugging object-group
    MANAGEMENT_access_in list of allowed ip extended access all any debug log
    access-list extended OLD-PRIVATE_access_in any allowed ip no matter what debug log
    access-list OLD-PRIVATE_access_in extended permit ip 192.168.10.0 255.255.255.0 192.168.17.0 255.255.255.0 inactive debug log
    OLD-PRIVATE_access_in allowed extended object-group TCPUDP host 192.168.10.7 access-list no matter how inactive debug log
    access-list OLD-PRIVATE_access_in allowed extended icmp host 192.168.10.254 interface private OLD newspaper inactive debugging
    access-list OLD-PRIVATE_access_in allowed extended icmp host 192.168.17.155 interface private OLD newspaper debugging
    access-list 101 extended allow host tcp 192.168.10.7 any eq 3389 debug log
    Access extensive list ip 192.168.17.0 WAN_1_cryptomap allow 255.255.255.0 192.168.10.0 255.255.255.0
    WAN_1_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0
    WAN_cryptomap_2 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0
    Capin list extended access permit ip host 192.18.17.155 192.168.10.7
    Capin list extended access permit ip host 192.168.10.7 192.168.17.155
    LAN_access_in list of allowed ip extended access all any debug log
    Access extensive list ip 192.168.17.0 WAN_nat0_outbound allow 255.255.255.0 192.168.10.0 255.255.255.0
    Access extensive list ip 192.168.17.0 WAN_2_cryptomap allow 255.255.255.0 192.168.10.0 255.255.255.0

    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.17.0 255.255.255.0
    pager lines 24
    Enable logging
    recording of debug trap
    logging of debug asdm
    Debugging trace record
    Debug class auth record trap
    MTU 1500 WAN
    MTU 1500 OLD-private
    MTU 1500 management
    mask 192.168.1.150 - 192.168.1.199 255.255.255.0 IP local pool VPN_Admin_IP
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    ICMP permitted host a.a.a.a WAN
    ICMP deny any WAN
    ICMP permitted host 192.168.10.7 WAN
    ICMP permitted host b.b.b.b WAN
    ASDM image disk0: / asdm - 631.bin
    don't allow no asdm history
    ARP timeout 14400
    global (OLD-private) 1 interface
    global (management) 1 interface
    nat (WAN) 1 0.0.0.0 0.0.0.0

    nat (WAN) 0 access-list inside_nat0_outbound
    WAN_access_in access to the WAN interface group
    Access-group interface private-OLD OLD-PRIVATE_access_in
    Access-group MANAGEMENT_access_in in the management interface
    Route WAN 0.0.0.0 0.0.0.0 b.b.b.185 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-registration DfltAccessPolicy
    the ssh LOCAL console AAA authentication
    local AAA authentication attempts 10 max in case of failure
    Enable http server
    http 192.168.1.0 255.255.255.0 WAN
    http 0.0.0.0 0.0.0.0 WAN
    http b.b.b.b 255.255.255.255 WAN
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Service resetoutside
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    card crypto WAN_map 1 corresponds to the address WAN_1_cryptomap
    card crypto WAN_map 1 set peer a.a.a.a
    WAN_map 1 transform-set ESP-DES-SHA crypto card game
    card crypto WAN_map WAN interface
    ISAKMP crypto enable WAN
    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400
    crypto ISAKMP policy 30
    preshared authentication
    the Encryption
    sha hash
    Group 1
    life 86400
    Telnet timeout 5
    SSH a.a.a.a 255.255.255.255 WAN
    SSH timeout 30
    SSH version 2
    Console timeout 0
    dhcpd auto_config management
    !

    a basic threat threat detection
    host of statistical threat detection
    Statistics-list of access threat detection
    a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
    NTP server 129.6.15.28 source WAN prefer
    WebVPN
    attributes of Group Policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    internal admin group strategy
    group admin policy attributes
    DNS.DNS.DNS.DNS value of DNS server
    Protocol-tunnel-VPN IPSec
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list LAN_IP
    privilege of encrypted password password username administrator 15
    type tunnel-group admin remote access
    tunnel-group admin general attributes
    address pool VPN_Admin_IP
    strategy-group-by default admin
    tunnel-group a.a.a.a type ipsec-l2l
    tunnel-group a.a.a.a general-attributes
    strategy-group-by default admin
    a.a.a.a group of tunnel ipsec-attributes
    pre-shared-key *.
    NOCHECK Peer-id-validate
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    Review the ip options
    !

    Thank you for your time and help

    Why do you use this type of NAT?

    access-list WAN_nat0_outbound extended permit ip 192.168.17.0 255.255.255.0 any
    nat (OLD-private) 0 access-list WAN_nat0_outbound

    You are basically telling the ASA not to NAT this traffic. This private IP address range is not routed on the Internet. Is this traffic destined to be sent over the Internet? If so, that ACL should not be there.

    If you want to NAT the traffic to the public IP on the outside of the ASA, you must remove this line and let the NAT and GLOBAL do the work:

    nat (OLD-private) 1 0.0.0.0 0.0.0.0

    global (WAN) 1 interface
