04-18-2014 12:39 AM - edited 03-10-2019 12:13 AM
I have two ASA5510 firewalls
Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 6.4(9)
Compiled on Thu 14-Jun-12 11:20 by builders
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"
failover mode is A/S
The standby firewall always appears these logs
Apr 18 2014 16:21:53: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:38: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:53: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:38: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:24:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:24:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:25:39: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:26:24: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:27:09: %ASA-3-210007: LU allocate xlate failed
Datecenter's ASA5520 has the same problem
I don't know the reason why
Solved! Go to Solution.
04-21-2014 06:24 AM
Your NAT statements appear to be in order.
If you have a support contract, I would recommend opening a TAC case for resolution.
04-18-2014 06:49 AM
Assuming you have sufficient free memory (the primary cause for this issue)...
There is one old bug that manifests this problem but it should not appear on your 8.4 code.
One other possibility is an overlap between static NAT and NAT exemption configurations. Please double check your configuration for that condition.
04-21-2014 12:47 AM
I'm sorry i did not reply immediately !
i had checked the memory.
The result show me that not only primary but also secondary both of them have enough memory
Paimary firewall
JP-FW# sh memory
Free memory: 754458944 bytes (70%)
Used memory: 319282880 bytes (30%)
------------- ------------------
Total memory: 1073741824 bytes (100%)
Secoundary firewall
JP-FW# sh memory
Free memory: 763603096 bytes (71%)
Used memory: 310138728 bytes (29%)
------------- ------------------
Total memory: 1073741824 bytes (100%)
I had vpn configuration so I use static nat and nat exemption at one time.
but i don't know whether it was overlap or not
following is my configuration
Static NAT
object network 70.77
nat (inside,outside) static 82.100 service tcp www www
object network 70.80
nat (inside,outside) static 82.100 service tcp 2302 2302
object network 70.80_3306
nat (inside,outside) static 82.100 service tcp 3306 3306
--------------------------------------------------------------------------------------------------------------------------
OBJECT
object network local-lan
subnet 10.192.64.0 255.255.248.0
object network ssl
subnet 10.10.10.0 255.255.255.0
object network narita
subnet 10.192.72.0 255.255.248.0
object network asakusa
subnet 10.192.1.0 255.255.255.0
object network nogedaira
subnet 10.192.128.0 255.255.255.0
object network hangyou
subnet 192.168.0.0 255.255.0.0
-------------------------------------------------------------------------------------------------------------------------
NAT EXEMPTION
nat (inside,outside) source static local-lan local-lan destination static ssl ssl
nat (inside,outside) source static local-lan local-lan destination static narita narita
nat (inside,outside) source static local-lan local-lan destination static asakusa asakusa
nat (inside,outside) source static local-lan local-lan destination static hangyou hangyou
nat (inside,outside) source static local-lan local-lan destination static nogedaira nogedaira
04-21-2014 06:24 AM
Your NAT statements appear to be in order.
If you have a support contract, I would recommend opening a TAC case for resolution.
04-21-2014 06:24 PM
OK I'll try to find the contract and opening a TAC case
Thank you !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide