08-23-2015 04:06 PM - edited 03-11-2019 11:29 PM
Hi everyone,
I have an ASA5520 configured with the below interfaces:
interface Ethernet0/3
nameif VISITOR
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/1
description Connection to ISP SHAW
nameif outside
security-level 0
ip address dhcp setroute
ASA version is 8.0
Users with IP address are unable to get to the internet, and when I do nslookup on a user PC for 4.2.2.2, DNS times out.
Below is the log from the ASA:
%ASA-3-305006: portmap translation creation failed for udp src VISITOR:192.168.2.4/60499 dst outside:64.59.144.19/53
Below is the NAT config:
ASA5520# sh run nat
nat (VISITOR) 1 192.168.2.0 255.255.255.0
nat (VISITOR) 1 0.0.0.0 0.0.0.0
ASA5520# sh nat de
ASA5520# sh nat ?
Current available interface(s):
MGMT Name of interface Ethernet0/0
VISITOR Name of interface Ethernet0/3
WLC Name of interface Ethernet0/2
outside Name of interface Ethernet0/1
| Output modifiers
<cr>
ASA5520# sh nat VI
ASA5520# sh nat VISITOR
match ip VISITOR 192.168.2.0 255.255.255.0 MGMT any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
match ip VISITOR 192.168.2.0 255.255.255.0 outside any
dynamic translation to pool 1 (No matching global)
translate_hits = 279, untranslate_hits = 0
match ip VISITOR 192.168.2.0 255.255.255.0 VISITOR any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
match ip VISITOR any MGMT any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
match ip VISITOR any outside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
match ip VISITOR any VISITOR any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
ASA5520#
Regards
MAhesh
08-23-2015 07:14 PM
Mahesh,
Your (pre-8.3 style) NAT statements reference global pool 1.
As your show output indicates, you do not have any global pool or address defined ("No matching global"). You would need something like:
global (outside) 1 <public IP> netmask <netmask>
08-23-2015 07:51 PM
It seems I had a typo with
global (outside) 101 interface
When I ran the command sh run nat, the above command was not showing up.
With sh run all I was able to see it and fix it.
Regards
MAhesh
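The mismatch this thread ends on (nat rules on ID 1, the only global on ID 101) can be checked mechanically. The script below is an added example, not part of any post in the thread: it pairs pre-8.3 `nat` and `global` lines by ID and reports any ID that appears on only one side. The sample config is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the thread's nat lines plus the mistyped global (ID 101).
SAMPLE_CONFIG = """\
interface Ethernet0/3
 nameif VISITOR
nat (VISITOR) 1 192.168.2.0 255.255.255.0
nat (VISITOR) 1 0.0.0.0 0.0.0.0
global (outside) 101 interface
"""

NAT_RE = re.compile(r"^\s*nat \((?P<ifc>[^)]+)\) (?P<id>\d+) (?P<rest>.+)$")
GLOBAL_RE = re.compile(r"^\s*global \((?P<ifc>[^)]+)\) (?P<id>\d+) (?P<rest>.+)$")


def audit_nat_ids(config_text):
    """Return (orphan_nats, unused_globals), each a dict keyed by NAT ID."""
    nats, globals_ = {}, {}
    for line in config_text.splitlines():
        m = NAT_RE.match(line)
        if m:
            nat_id = int(m["id"])
            if nat_id != 0:  # nat 0 is identity NAT / exemption and needs no global
                nats.setdefault(nat_id, []).append((m["ifc"], m["rest"].strip()))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            globals_.setdefault(int(m["id"]), []).append((m["ifc"], m["rest"].strip()))
    orphan_nats = {i: v for i, v in nats.items() if i not in globals_}
    unused_globals = {i: v for i, v in globals_.items() if i not in nats}
    return orphan_nats, unused_globals


def report(config_text):
    """Render the audit as human-readable findings, one string per problem."""
    orphan_nats, unused_globals = audit_nat_ids(config_text)
    findings = []
    for nat_id, rules in sorted(orphan_nats.items()):
        for ifc, rest in rules:
            findings.append(f"nat ({ifc}) {nat_id} {rest}: no matching global")
    for nat_id, pools in sorted(unused_globals.items()):
        for ifc, rest in pools:
            findings.append(f"global ({ifc}) {nat_id} {rest}: no nat rule uses this ID")
    return findings


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)) or "nat/global IDs are consistent")
```

Feed it the full running configuration rather than the output of `sh run nat`, which, as noted above, does not include the `global` line.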