Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
2
Replies

Nat issue (portmap translation creation failed)

giuseppe parlato
Level 1
Level 1

‎07-16-2013 12:16 PM - edited ‎03-11-2019 07:12 PM

Hello,

I have ASA 5550 with 8.2.5

I have some dmz just like 192.168.160.0/24, 192.168.161.0/24 .. all with different security levels

I've been trying on a testing firewall to remove nat exempt or nat static (for example natting 192.168.160.0 to 192.168.160.0) between those dmz and nothing works now. Why do I have to use nat between networks directly connected !?! is there any way to make it working without nat ? I've issued no nat-control also. Below the syslog error,

3|Jul 16 2013|17:06:29|305006|192.168.160.53||192.168.161.167||portmap translation creation failed for icmp src DMZ0:192.168.160.53 dst DMZ1:192.168.161.167 (type 8, code 0)

Thank you

Labels:
0 Helpful
2 Replies 2

giuseppe parlato
Level 1
Level 1

‎07-16-2013 12:18 PM

I forgot this syslog error also,

5|Jul 16 2013|17:11:14|305013|192.168.161.167||192.168.160.53||Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src DMZ1:192.168.161.167 dst DMZ0:192.168.160.53 (type 8, code 0) denied due to NAT reverse path failure

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni

‎07-16-2013 12:19 PM

Hi,

Can you post the output of the following "packet-tracer" command

packet-tracer input DMZ0 icmp 192.168.160.53 8 0 192.168.161.167

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card