
portmap translation creation failed for tcp src inside:10.x.x.x/<random port number> dst outside:<internet IP address/port number>

andrewdours
Level 1

We're able to get to the internet, but everyone has noticed a lag in response times so I decided to check the firewall.  Not sure if this is a major issue, but it is an error that I had not seen before.  Any ideas of what I can check?

 

Thanks,

 

Andrew

6 Replies

Pranay Prasoon
Level 3

This can, under some circumstances, be a bug. But they usually do not interrupt traffic.

 

I would suggest checking how many PATs already exist with this IP address. You can check "show xlate | in <pat ip address>" and see if the PAT ports are already exhausted. This usually happens because all users are using one IP for PAT and the connection count is so high that all the ports get exhausted.

 

There are some questions, though:

1) are you using ASA in cluster mode?

2) what is the software version?

3) attach your running-config

Hi,

The output of "show nat pool" would also be helpful, in addition to your relevant NAT and ACL configuration.

Thanks and Regards,

Vibhor Amrodia
 

Result of the command: "show nat pool"

UDP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 1-511, allocated 1
UDP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 512-1023, allocated 0
UDP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 1024-65535, allocated 113
TCP PAT pool outside, address x.x.x.129, range 1-511, allocated 1
TCP PAT pool outside, address x.x.x.129, range 512-1023, allocated 0
TCP PAT pool outside, address x.x.x.129, range 1024-65535, allocated 0
TCP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 1-511, allocated 0
TCP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 512-1023, allocated 0
TCP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 1024-65535, allocated 670
UDP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 1-511, allocated 0
UDP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 512-1023, allocated 0
UDP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 1024-65535, allocated 29
UDP PAT pool outside, address x.x.x.98, range 1-511, allocated 4
UDP PAT pool outside, address x.x.x.98, range 512-1023, allocated 0
UDP PAT pool outside, address x.x.x.98, range 1024-65535, allocated 7
TCP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 1-511, allocated 0
TCP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 512-1023, allocated 0
TCP PAT pool outside:HOST-x.x.x.114, address x.x.x.114, range 1024-65535, allocated 405
TCP PAT pool inside, address 10.255.98.109, range 1-511, allocated 2
TCP PAT pool inside, address 10.255.98.109, range 512-1023, allocated 0
TCP PAT pool inside, address 10.255.98.109, range 1024-65535, allocated 0
UDP PAT pool inside, address 10.255.98.109, range 1-511, allocated 3
UDP PAT pool inside, address 10.255.98.109, range 512-1023, allocated 1
UDP PAT pool inside, address 10.255.98.109, range 1024-65535, allocated 6
TCP PAT pool management, address 10.255.0.110, range 1-511, allocated 2
TCP PAT pool management, address 10.255.0.110, range 512-1023, allocated 0
TCP PAT pool management, address 10.255.0.110, range 1024-65535, allocated 0
UDP PAT pool management, address 10.255.0.110, range 1-511, allocated 1
UDP PAT pool management, address 10.255.0.110, range 512-1023, allocated 1
UDP PAT pool management, address 10.255.0.110, range 1024-65535, allocated 3
TCP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 1-511, allocated 0
TCP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 512-1023, allocated 0
TCP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 1024-65535, allocated 246
UDP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 1-511, allocated 1
UDP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 512-1023, allocated 0
UDP PAT pool any:HOST-x.x.x.113, address x.x.x.113, range 1024-65535, allocated 22

 

Looking at the PAT pool stats, this doesn't seem to be exhausted at any point. Opening a TAC case will be a better option to dig deeper.

I ended up being more specific with the NAT statements.  Instead of having any - outside I changed many statements to <interface> - outside.  That seemed to clear it up.
 

1) Not in cluster mode

2) Cisco Adaptive Security Appliance Software Version 9.0(4)
Device Manager Version 7.1(6)

3) I'm not comfortable posting my running configuration.  I can just open a case if this is not enough information to go on.

Thanks,

Andrew
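
The exhaustion check discussed in the replies above, as an added example that is not part of any post in this thread: a small Python parser that reads "show nat pool" output in the line format quoted here and reports how full each port range is. The 80% threshold, the function names and the last sample line are assumptions made for illustration.

```python
import re

# Line format as shown in the "show nat pool" output quoted in this thread.
POOL_RE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT pool (?P<pool>\S+), address (?P<addr>\S+), "
    r"range (?P<lo>\d+)-(?P<hi>\d+), allocated (?P<used>\d+)$"
)

# Constructed sample: the first two lines are copied from the thread, the last
# one is invented (documentation address 192.0.2.10) to show a nearly full range.
SAMPLE = """\
Result of the command: "show nat pool"

TCP PAT pool outside:HOST-x.x.x.113, address x.x.x.113, range 1024-65535, allocated 670
UDP PAT pool outside, address x.x.x.98, range 1-511, allocated 4
TCP PAT pool outside, address 192.0.2.10, range 1024-65535, allocated 64100
"""

def parse_pools(text):
    """Return one dict per PAT pool port range found in the text."""
    pools = []
    for line in text.splitlines():
        m = POOL_RE.match(line.strip())
        if not m:
            continue  # command banner, blank line, or unrelated output
        lo, hi, used = int(m["lo"]), int(m["hi"]), int(m["used"])
        size = hi - lo + 1  # ports available in this range
        pools.append({"proto": m["proto"], "pool": m["pool"], "addr": m["addr"],
                      "range": (lo, hi), "size": size, "used": used,
                      "pct": 100.0 * used / size})
    return pools

def near_exhaustion(pools, threshold_pct=80.0):
    """Ranges at or above the threshold (assumed value), fullest first."""
    hot = [p for p in pools if p["pct"] >= threshold_pct]
    return sorted(hot, key=lambda p: p["pct"], reverse=True)

if __name__ == "__main__":
    for p in parse_pools(SAMPLE):
        print(f'{p["proto"]} {p["pool"]} {p["addr"]} {p["range"][0]}-{p["range"][1]}: '
              f'{p["used"]}/{p["size"]} ({p["pct"]:.2f}%)')
    for p in near_exhaustion(parse_pools(SAMPLE)):
        print("NEAR EXHAUSTION:", p["proto"], p["addr"], p["range"])
```

Run against the full output posted above, the busiest range (TCP 1024-65535 on x.x.x.113, 670 allocated) comes out at about 1% of its 64512 ports.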
