Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
0
Helpful
3
Replies

305006 : portmap translation creation failed

Go to solution
peterturvey
Level 1
Level 1

‎02-17-2005 05:20 AM - edited ‎03-09-2019 10:22 AM

I'm pretty new to all of this firewall business so apologies in advance if what I'm asking is obvious to more experienced folk.

I've got two servers inside my firewall and I'm trying to test out the connectivity through my CISCO PIX 515E by pinging a PC on the outside.

My Server furthest away from the firewall has an IP address of 192.168.2.105.

The other server has two NICs, 192.168.2.106 and 192.168.1.107.

Inside iface of the firewall is 192.168.1.1.

Outside iface of the firewall is a.b.c.39

PC on the outside is a.b.c.1

I've got access rules for ICMP on both the inside interface and the outside interface (permit icmp any any).

I've set up a static NAT between 192.168.1.107 and the outside interface.

I've set up a global pool on the outside interface and a Dynamic NAT rule.

So my configuration has the following ...

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside, outside) interface 192.168.1.107 netmask 255.255.255.255 0 0

When I try and ping the outside PC from the server nearest to the firewall (192.168.1.107) it works fine. The static NAT rule means that my outside PC thinks it has got a ping request from IP address a.b.c.39 and happily sends its reply.

But when I try and ping from 192.168.2.105 no ping requests arrive at the outside PC.

Instead I get a message in my PIX Device Manager saying "305006 : portmap translation creation failed for icmp src : inside Server1 dst outside : userPC1 "

Can anybody tell me what I'm doing wrong ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jayson.talaga
Level 1
Level 1

‎02-17-2005 06:16 AM

Delete the Static statement and the access for 192.168.2.105 should work. It looks to me like the static statement is overriding your Dynamic NAT. When you only have one public IP address (interface) you should only use the static statement for Port Redirection rather than a 1 to 1 static definition.

Regards,

Jayson

View solution in original post

0 Helpful
3 Replies 3

Go to solution
jayson.talaga
Level 1
Level 1

‎02-17-2005 06:16 AM

Delete the Static statement and the access for 192.168.2.105 should work. It looks to me like the static statement is overriding your Dynamic NAT. When you only have one public IP address (interface) you should only use the static statement for Port Redirection rather than a 1 to 1 static definition.

Regards,

Jayson

0 Helpful

Go to solution
peterturvey
Level 1
Level 1
In response to jayson.talaga

‎02-17-2005 08:34 AM

Thanks ever so much for that Jayson.

I've now been given a second public IP address so I can keep my static definition and use my new address for the dynamic NAT.

0 Helpful

Go to solution
dackerman
Level 1
Level 1

‎02-18-2005 09:12 AM

you're not doing anything wrong. we just went through this ourselfs last night. if your using syslog via tcp change it to udp. dunno why but cisco figured that one out for us. for whatever reason tcp syslogging causes this problem.

good luck!

0 Helpful
Customers Also Viewed These Support Documents