cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2887
Views
11
Helpful
9
Replies

'%ASA-3-210007: LU allocate xlate failed' messages on ASA 8.4(2) cluster

ajtm
Level 1
Level 1

I'm receiving a lot of these messages from the standby ASA since I upgrade the ASA cluster from 8.3(2). I see that I have some diferences in the xlat table. How can I get rid of these messages? Thanks.

9 Replies 9

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Ajtm,

Are you getting the following log as well:

Failed to rep un_xlate for np/port/id/0/-1 10.64.33.120/3486 -  np/port/id/1/-1 10.207.1.35/22 flg: 101040 2100012

If yes, you are hitting bug ID:CSCts29271

If you want to disable those messages just do a:

-no logging message 210007

You will stop seeing those messages but the ASA will still to replicate connections to Standby.

Please rate helpful posts.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

No, I'm not getting the "Failed to rep un_xlate for np/port/id/0/-1 1" messages.

Regards,

Antonio

Hello Ajtm,

Are you seeing these messages on both units or just on one of them (witch one)?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Just the standby unit.

Regards,

António

Hello Ajtm,

I think you are hitting this bug:

CSCts29271
HA ASA NAT: LU allocate xlate failed error - Failed to rep un_xlate
Symptom: ASA fails to replicate connections to Standby and generates the following errors:  %ASA-3-210007: LU allocate xlate failed

Conditions:

ASA 8.4 with Failover

The workaround for this would be downgrade, you can also try to upgrade to 8.4(2.3)

Please rate helpful posts.

Julio!!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

It's running asa842-k8!

Regards,

Antonio

Hello Antonio,

On the bug information say this is a cosmetic bug, so in that case if you do not want to perform a downgrade you can stop logging this messages with the command:

-no logging message 210007

Please rate helpful posts,

Julio,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for the advice.

Regards,

Antonio

Hello Ajtm,

My pleasure, have a great day,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: