Re: Another NAT question

Tom Kolb · ‎08-21-2010

Hi, I have been trying to solve this problem all afternoon. I know it is a simple NAT issue but I just can't figure it out.

Just installed a ASA 5505 for a new PtP fiber connection to a customer. We are extending the customers LAN to the ASA over fiber. The EVV LAN side of the fiber is 10.10.10.0/24. Now the EVV LAN location has a 2nd location connected by a PtP T1. The Remote end of the T1 is 10.10.30.0/24. The T1 has a router in EVV with a GW of 10.10.10.12.

All works well evcept when people on the remote end of the T1 10.10.30.0 try to connect to servers in EVV on 10.10.10.0 I get an error on the ASA

3 Aug 21 2010 13:58:05 305006 10.10.30.106 53 portmap translation creation failed for udp src PtP:10.10.10.6/65433 dst PtP:10.10.30.106/53

I know this is a NAT problem since I must route the traffic back out the ASA LAN GW of 10.10.10.1 which is the same interface it arrived on.

Thanks if anyone can help oit.

Tom

kishork_1987 · ‎09-10-2010

hi

10.10.30.106 53 portmap translation creation failed for udp src PtP:10.10.10.6/65433 dst PtP:10.10.30.106/53

as far as i see it,looks like the reply packet from 10.10.10.6 to 10.10.30.106 port map translation is not happening

Can you be specific like what is the security level on each side of the asa interfaces.

Does 10.10.30.0 network belong to inside/outside/dmz network

do you have policy allowing dns request from/to 10.10.30.0 to 10.10.10.0 network

what is the nat command that has been configured for 10.10.10.6(server)..

Tom Kolb · ‎09-11-2010

Thanks I found the solution. I used the VPN wizard to make the VPN and made a mistake. The mistake left some incorrect NAT runles in the config. After reviewing the comfig some more I found and deleted.

Thanks for your responce.

Tom