Re: PIX 515e syslog message

richcobb99 · ‎12-08-2004

Hello,

I receive the following message on my syslog server:

Dec 8 16:18:26 trnfw2inside %PIX-3-210021: LU create static xlate 192.168.176.11 ifc 5 failed

According to the cisco website the solution to resolve this problem is to do a write standby from the primary firewall, but this doesn't fix the problem. The messages persist. Has anybody seen this problem before?

nkhawaja · ‎12-09-2004

what version of pix? is it just started happening? any changes? is this the only ip appearing in the message?

can we see the configs (hide the public addresses)

thanks

Nadeem

richcobb99 · ‎12-09-2004

Nadeem,

I may have figured out the problem. Appears that there was a difference between the standby and active PIXs on one of the nameif settings which appears to have led to the backup not getting all of the statics. Primary said nameif ethernet5 DMZ_FAIL and the backup said nameif ethernet5 DMZ. I changed the backups nameif setting, redid a write standby from the primary and now the backup has the static that wasn't there earlier. Hopefully this did the trick, but shouldn't both PIX's show the same translations when you do a show xlate? I don't see any translations on my backup...... They should be there if running stateful failover..correct?

thanks,

richard

nkhawaja · ‎12-09-2004

both pix should show the same translations.

richcobb99 · ‎12-09-2004

OK, now they do. Thanks for your help.

richard