I have a client that keeps receiving the following syslog error:
ASA %ASA-3-210007: LU allocate xlate failed
It has been identified in bug report:
CSCsi65122 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi65122)
This bug report states the following:
Overlapping static with NAT exemption causes xlate errors on standby
Symptom:
"%ASA-3-210007: LU allocate xlate failed" appearing on standby unit
Conditions:
- Stateful failover enabled.
- Overlap between a static NAT rule and the NAT exemption.
-the "alias" command is used to rewrite destination ip address
Workaround:
in the nat exemption access-list deny specifically the traffic matching the source of the traffic with destination the alias'd ip address.
I looked at this bug report and it says the error was first found in 7.0/7.2. However, the client is running 8.4(1) on the ASA's. When this problem initially came to light, my co-worker found this bug report:
CSCth74844
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth74844&from=summary
This made sense since at the time they were running 8.32 and upgrading to a newer code seemed to be how to fix it according to this article:
http://www.techbloc.net/archives/31
However, even after the upgrade to 8.4(1), the problem still exists. Do we need to roll them back to the unreleased code that the above article mentions? Or should this problem have been fixed in the 8.4(1) release?
TIA for any ideas/suggestions. A call to TAC may be in order for this problem, especially since the workaround doesn't seem to be the best solution.
