Troubleshooting Guide for the Cisco ASA 5580 Adaptive Security Appliance

Problem: Manual NAT rules are out-of-order, which causes incorrect packet matches
The manual NAT rules are processed based on their appearance in the configuration. If a very broad NAT rule
is listed first in the configuration, it might override another, more specific rule farther down in the NAT table.
Use packet tracer in order to verify which NAT rule your traffic hits; it might be necessary to rearrange the
manual NAT entries to a different order. 
Solution:
Reorder NAT rules with ASDM.
Solution:
NAT rules can be reordered with the CLI if you remove the rule and reinsert it at a specific line number. In
order to insert a new rule at a specific line, enter the line number just after the interfaces are specified.
Example:
ASA(config)# nat (inside,outside) 1 source static 10.10.10.0-net 10.10.10.0-net destination static 192.168.1.0-net 192.168.1.0-net
Problem: A NAT rule is too broad and matches some traffic inadvertently
Sometimes NAT rules are created that use objects that are too broad. If these rules are placed near the top of
the NAT table (at the top of Section 1, for example), they might match more traffic than intended and cause
NAT rules farther down the table to never be hit.
Solution:
Use packet tracer in order to determine if your traffic matches a rule with object definitions that are too broad.
If this is the case, you should reduce the scope of those objects, or move the rules farther down the NAT table,
or to the after-auto section (Section 3) of the NAT table.
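Both problems above come down to the same mechanic: Section 1 (manual) NAT rules are evaluated top-down and the first match wins, so a broad rule placed early shadows every more specific rule below it. The following Python script is an added example, not part of this Cisco document and not an ASA feature: it takes a constructed set of manual NAT lines (the object names and subnets are hypothetical), resolves the objects, reports which rules can never be hit because an earlier rule on the same interface covers everything they match, shows which line a given source/destination pair would hit (a simplified, address-only version of what packet-tracer reports), and generates the "remove, then reinsert at a line number" commands described in the second solution. It ignores ports, unidirectional rules and Section 2/3 processing, so treat its verdict as a hint to confirm with packet-tracer on the appliance.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed object definitions for the sample config below; hypothetical
# names and subnets chosen for illustration, not taken from any real ASA.
OBJECTS = {
    "10.0.0.0-net": "10.0.0.0/8",
    "10.10.10.0-net": "10.10.10.0/24",
    "192.168.1.0-net": "192.168.1.0/24",
    "203.0.113.5-host": "203.0.113.5/32",
}

# Constructed Section 1 rules in configuration order. Line 1 is deliberately
# broad (all of 10.0.0.0/8, any destination) and so shadows lines 2 and 3.
SAMPLE_NAT = [
    "nat (inside,outside) source dynamic 10.0.0.0-net interface",
    "nat (inside,outside) source static 10.10.10.0-net 10.10.10.0-net "
    "destination static 192.168.1.0-net 192.168.1.0-net",
    "nat (inside,outside) source static 10.10.10.0-net 203.0.113.5-host",
]

# Matches the manual NAT syntax used on this page; an optional line number
# may follow the interface pair.
NAT_RE = re.compile(
    r"nat \((?P<real>[^,]+),(?P<mapped>[^)]+)\)\s+(?:\d+\s+)?"
    r"source (?:static|dynamic) (?P<src>\S+) \S+"
    r"(?: destination static (?P<dst>\S+) \S+)?"
)


@dataclass
class NatRule:
    text: str
    real_ifc: str
    src: ipaddress.IPv4Network
    dst: Optional[ipaddress.IPv4Network]  # None means "any destination"


def parse_rules(lines):
    """Resolve each NAT line into real-interface, source and destination networks."""
    rules = []
    for line in lines:
        m = NAT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised NAT line: {line}")
        dst = m.group("dst")
        rules.append(NatRule(
            text=line,
            real_ifc=m.group("real"),
            src=ipaddress.ip_network(OBJECTS[m.group("src")]),
            dst=ipaddress.ip_network(OBJECTS[dst]) if dst else None,
        ))
    return rules


def first_match(rules, in_ifc, src_ip, dst_ip):
    """1-based line of the first rule a packet hits (address-only, first match wins)."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line, r in enumerate(rules, 1):
        if r.real_ifc == in_ifc and src_ip in r.src and (r.dst is None or dst_ip in r.dst):
            return line
    return None


def shadowed_rules(rules):
    """(shadowed_line, shadowing_line) pairs: rules an earlier, broader rule makes unreachable."""
    out = []
    for j, later in enumerate(rules, 1):
        for i, earlier in enumerate(rules[: j - 1], 1):
            if earlier.real_ifc != later.real_ifc:
                continue
            src_covered = later.src.subnet_of(earlier.src)
            dst_covered = earlier.dst is None or (
                later.dst is not None and later.dst.subnet_of(earlier.dst))
            if src_covered and dst_covered:
                out.append((j, i))
                break
    return out


def move_rule(rules, from_line, to_line):
    """Simulate removing a rule and re-entering it with an explicit line number."""
    rules = list(rules)
    rule = rules.pop(from_line - 1)
    rules.insert(to_line - 1, rule)
    return rules


def reorder_commands(rule, to_line):
    """CLI commands for the move: 'no nat ...' then the rule with a line number after the interfaces."""
    ifcs, rest = rule.text[len("nat "):].split(") ", 1)
    return [f"no {rule.text}", f"nat {ifcs}) {to_line} {rest}"]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_NAT)
    print("shadowed (line, by line):", shadowed_rules(rules))
    print("10.10.10.5 -> 192.168.1.7 hits line", first_match(rules, "inside", "10.10.10.5", "192.168.1.7"))
    fixed = move_rule(rules, 1, 3)
    print("after moving line 1 to line 3, shadowed:", shadowed_rules(fixed))
    print("\n".join(reorder_commands(rules[0], 3)))
```

In the sample, the broad dynamic rule on line 1 is reported as shadowing lines 2 and 3, and a host in 10.10.10.0/24 talking to 192.168.1.0/24 hits line 1 instead of the identity rule meant for it; moving that rule to line 3 (the two commands the script prints) clears the shadowing, which is the same outcome as reducing the object's scope or placing the rule in the after-auto section.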