https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749819#M192451 <P>&nbsp;</P><P>Hi everyone,</P><P>&nbsp;</P><P>I have ASA5520&nbsp; configured with below interfaces</P><P>interface Ethernet0/3<BR />&nbsp;nameif VISITOR<BR />&nbsp;security-level 50<BR />&nbsp;ip address 192.168.2.1 255.255.255.0<BR />&nbsp;</P><P>interface Ethernet0/1<BR />&nbsp;description Connection to ISP SHAW<BR />&nbsp;nameif outside<BR />&nbsp;security-level 0<BR />&nbsp;ip address dhcp setroute<BR />&nbsp;</P><P>ASA version is 8.0</P><P>&nbsp;</P><P>&nbsp;</P><P>USers with IP address is unable to get to internet and when I do nslookup on user pc for 4.2.2.2 DNS times out.</P><P>Below is log from ASA</P><P>&nbsp;</P><P>&nbsp;</P><P>%ASA-3-305006: portmap translation creation failed for udp src VISITOR:192.168.2.4/60499 dst outside:64.59.144.19/53<BR />&nbsp;</P><P>below is nat config</P><P>&nbsp;</P><P>ASA5520# sh run nat<BR />nat (VISITOR) 1 192.168.2.0 255.255.255.0<BR />nat (VISITOR) 1 0.0.0.0 0.0.0.0<BR />ASA5520# sh nat de<BR />ASA5520# sh nat ?</P><P>Current available interface(s):<BR />&nbsp; MGMT&nbsp;&nbsp;&nbsp;&nbsp; Name of interface Ethernet0/0<BR />&nbsp; VISITOR&nbsp; Name of interface Ethernet0/3<BR />&nbsp; WLC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Name of interface Ethernet0/2<BR />&nbsp; outside&nbsp; Name of interface Ethernet0/1<BR />&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Output modifiers<BR />&nbsp; &lt;cr&gt;<BR />ASA5520# sh nat VI<BR />ASA5520# sh nat VISITOR<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 MGMT any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 outside any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 279, untranslate_hits = 0<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 VISITOR any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any MGMT any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any outside any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any VISITOR any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />ASA5520#</P><P>&nbsp;</P><P>Regards</P><P>MAhesh</P> Tue, 12 Mar 2019 06:29:10 GMT mahesh18 2019-03-12T06:29:10Z https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749819#M192451 <P>&nbsp;</P><P>Hi everyone,</P><P>&nbsp;</P><P>I have ASA5520&nbsp; configured with below interfaces</P><P>interface Ethernet0/3<BR />&nbsp;nameif VISITOR<BR />&nbsp;security-level 50<BR />&nbsp;ip address 192.168.2.1 255.255.255.0<BR />&nbsp;</P><P>interface Ethernet0/1<BR />&nbsp;description Connection to ISP SHAW<BR />&nbsp;nameif outside<BR />&nbsp;security-level 0<BR />&nbsp;ip address dhcp setroute<BR />&nbsp;</P><P>ASA version is 8.0</P><P>&nbsp;</P><P>&nbsp;</P><P>USers with IP address is unable to get to internet and when I do nslookup on user pc for 4.2.2.2 DNS times out.</P><P>Below is log from ASA</P><P>&nbsp;</P><P>&nbsp;</P><P>%ASA-3-305006: portmap translation creation failed for udp src VISITOR:192.168.2.4/60499 dst outside:64.59.144.19/53<BR />&nbsp;</P><P>below is nat config</P><P>&nbsp;</P><P>ASA5520# sh run nat<BR />nat (VISITOR) 1 192.168.2.0 255.255.255.0<BR />nat (VISITOR) 1 0.0.0.0 0.0.0.0<BR />ASA5520# sh nat de<BR />ASA5520# sh nat ?</P><P>Current available interface(s):<BR />&nbsp; MGMT&nbsp;&nbsp;&nbsp;&nbsp; Name of interface Ethernet0/0<BR />&nbsp; VISITOR&nbsp; Name of interface Ethernet0/3<BR />&nbsp; WLC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Name of interface Ethernet0/2<BR />&nbsp; outside&nbsp; Name of interface Ethernet0/1<BR />&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Output modifiers<BR />&nbsp; &lt;cr&gt;<BR />ASA5520# sh nat VI<BR />ASA5520# sh nat VISITOR<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 MGMT any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 outside any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 279, untranslate_hits = 0<BR />&nbsp; match ip VISITOR 192.168.2.0 255.255.255.0 VISITOR any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any MGMT any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any outside any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />&nbsp; match ip VISITOR any VISITOR any<BR />&nbsp;&nbsp;&nbsp; dynamic translation to pool 1 (No matching global)<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />ASA5520#</P><P>&nbsp;</P><P>Regards</P><P>MAhesh</P> Tue, 12 Mar 2019 06:29:10 GMT https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749819#M192451 mahesh18 2019-03-12T06:29:10Z https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749820#M192452 <P>Mahesh,</P> <P>Your (pre-8.3 style) NAT statements reference global pool 1.</P> <P>As your show output indicates, you&nbsp;do not have any global pool or address defined ("<SPAN style="font-size: 14.3999996185303px;">No matching global</SPAN>"). You would need something like:</P> <PRE> global (outside) 1 &lt;public IP&gt; netmask &lt;netmask&gt;</PRE> Mon, 24 Aug 2015 02:14:43 GMT https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749820#M192452 Marvin Rhoads 2015-08-24T02:14:43Z https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749821#M192453 <P>Seems when I had typo with</P><P>global (outside) 101 interface</P><P>when I run the command sh run nat above command was not showing up.</P><P>sh run all I was able to see and fix it.</P><P>&nbsp;</P><P>Regards</P><P>MAhesh</P> Mon, 24 Aug 2015 02:51:20 GMT https://community.cisco.com/t5/network-security/asa-3-305006-portmap-translation-creation-failed/m-p/2749821#M192453 mahesh18 2015-08-24T02:51:20Z