Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2080
Views
0
Helpful
6
Replies

Portmap translation Creation failed

avburren1
Level 1
Level 1

‎02-09-2011 02:30 AM - edited ‎03-11-2019 12:47 PM

Hi,

I'm using ASA5510 and I have a problem with the LAN since I install the ASA instead an old sonicwall  :

I have 2 network in the LAN :

IP : 192.168.1.0/24
Gateway : 192.168.1.254 ( ASA LAN interface)

192.168.2.0/24
Gateway : 192.168.2.1 ( Router interface)

I don't join network 2.0 from 1.0, I have this log message :  " Portmap translation Creation failed - event syslog : 305006 "

Any ideas ?

Thanks

Labels:
0 Helpful
6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

‎02-09-2011 02:36 AM

Sorry, don't quite understand what you are trying to achieve.

Where is the router connected to in relation to the ASA? Where does subnet of 192.168.2.0/24 connect to on the ASA?

Can you please share the topology diagram as well as a current configuration from the ASA, and lastly are you trying to connect between the 2 subnets?

0 Helpful

avburren1
Level 1
Level 1
In response to Jennifer Halim

‎02-09-2011 05:53 AM

I join a topology diagram and logs with the message "portmap creation ...."

I try to ping between 192.168.1.111 (monitoring server) for example, and 192.168.2.116 but it doesn't work since I change the Firewall by the ASA.

Hope it will be more clear.

Preview file
20 KB
0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to avburren1

‎02-09-2011 04:26 PM

Both the source and destination are in the LAN segment. Make sure that the source and destination point to the

router as their GW and not the ASA as their GW.

Once done, it should work.

-KS

0 Helpful

avburren1
Level 1
Level 1
In response to Kureli Sankar

‎02-10-2011 06:59 AM

Here is the configuration that works with the old FW :

192.168.1.111 use the FW LAN interface as Gateway.
192.168.2.116 use 192.168.2.1 (one of the router Interface) as Gateway.

And Route on the FW :
192.168.2.0 192.1688.1.230 255.255.255.0 LAN 1

I don't understand why it doesn't work with the ASA because I haven't changed IP's.
Thanks.

0 Helpful

avburren1
Level 1
Level 1
In response to avburren1

‎02-11-2011 01:00 AM

ok, I found a part of the solution :

I use actually :

global (WAN) 1 interface
nat (LAN) 1 192.168.1.0 255.255.255.0

So I add an exempt rule :
source: 192.168.1.0/24
destination : 192.168.2.0/24

Now I ping from 192.168.1.111 to 192.168.2.116 but the reverse doesn't work.

Ping from 192.168.2.116 to 192.168.1.111 display this logs :

"denied ICMP type=0 from laddres 192.168.1.116 on interface LAN to 192.168.2.116: no matching session"

Thank you

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to avburren1

‎02-11-2011 01:51 AM

You will have to create access-list and apply that to your WAN interface to allow ping from the WAN subnet towards the LAN subnet:

access-list outside-acl permit icmp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside-acl in interface WAN

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card