Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
0
Helpful
2
Replies

%ASA-3-305006: portmap translation creation failed

Go to solution
mahesh18
Level 6
Level 6

‎08-23-2015 04:06 PM - edited ‎03-11-2019 11:29 PM

 

Hi everyone,

 

I have ASA5520  configured with below interfaces

interface Ethernet0/3
 nameif VISITOR
 security-level 50
 ip address 192.168.2.1 255.255.255.0
 

interface Ethernet0/1
 description Connection to ISP SHAW
 nameif outside
 security-level 0
 ip address dhcp setroute
 

ASA version is 8.0

 

 

USers with IP address is unable to get to internet and when I do nslookup on user pc for 4.2.2.2 DNS times out.

Below is log from ASA

 

 

%ASA-3-305006: portmap translation creation failed for udp src VISITOR:192.168.2.4/60499 dst outside:64.59.144.19/53
 

below is nat config

 

ASA5520# sh run nat
nat (VISITOR) 1 192.168.2.0 255.255.255.0
nat (VISITOR) 1 0.0.0.0 0.0.0.0
ASA5520# sh nat de
ASA5520# sh nat ?

Current available interface(s):
  MGMT     Name of interface Ethernet0/0
  VISITOR  Name of interface Ethernet0/3
  WLC      Name of interface Ethernet0/2
  outside  Name of interface Ethernet0/1
  |        Output modifiers
  <cr>
ASA5520# sh nat VI
ASA5520# sh nat VISITOR
  match ip VISITOR 192.168.2.0 255.255.255.0 MGMT any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip VISITOR 192.168.2.0 255.255.255.0 outside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 279, untranslate_hits = 0
  match ip VISITOR 192.168.2.0 255.255.255.0 VISITOR any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip VISITOR any MGMT any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip VISITOR any outside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip VISITOR any VISITOR any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
ASA5520#

 

Regards

MAhesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-23-2015 07:14 PM

Mahesh,

Your (pre-8.3 style) NAT statements reference global pool 1.

As your show output indicates, you do not have any global pool or address defined ("No matching global"). You would need something like:

global (outside) 1 <public IP> netmask <netmask>

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-23-2015 07:14 PM

Mahesh,

Your (pre-8.3 style) NAT statements reference global pool 1.

As your show output indicates, you do not have any global pool or address defined ("No matching global"). You would need something like:

global (outside) 1 <public IP> netmask <netmask>
0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎08-23-2015 07:51 PM

Seems when I had typo with

global (outside) 101 interface

when I run the command sh run nat above command was not showing up.

sh run all I was able to see and fix it.

 

Regards

MAhesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card