Solved

Routing failures with portmap translation errors

Posted on 2008-10-20
Last Modified: 2012-05-05
This all started with an upgrade from a no firewall situation to using a Cisco ASA 5505. Prior to the installation of the ASA this network was using simple port forwarding from the ISP. When the ASA was installed the perimeter router was put in a simple bridged mode by the ISP.

From day one the ASA displayed the attached error message about portmap translation failures for end-user devices at the remote office trying to reach the primary DNS server. Upon further investigation a general routing failure was found.

From within a network device (routers and ASA) I can get to all other network equipment. End-user equipment is visible from within their respective local network, but could not be seen across the private T-1. To make things even more interesting: the file and mail server is visible to end-user systems at the remote office but not the primary DNS server. The VoIP phones are also able to see the VoIP switch.

I just realized that the ASA config I attached doesn't show it, but I did recently upgrade from 7.2(4) to 8.0(4) in an effort to fix this issue.

Any thoughts why routing is selectively working??
Genesis-ASA-and-portmap-error--s.txt
Genesis-core.txt
Genesis-remote.txt
Basic-network-diagram.pdf
Question by:KeepSloanWeird
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 22763084
> portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.45/5353
It's real simple. Both source and destination are internal. The ASA simply can't do anything with it.

The answer is to use the router 192.168.2.253 as the default gateway for everything on the LAN and have *it* point to the ASA with a default route.


0
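The diagnosis in the accepted answer can be checked against the firewall log. The following Python sketch is an added example, not part of the original thread: it picks out portmap translation failures where source and destination sit behind the same ASA interface but in different subnets, which identifies the hosts that are sending internal traffic to the ASA instead of the internal router. The /24 mask, the timestamps and every sample line other than the message quoted above are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Message text as quoted in the thread; any syslog prefix before it is ignored.
PATTERN = re.compile(
    r"portmap translation creation failed for (?P<proto>\w+) "
    r"src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

def find_hairpin_failures(lines, prefix_len=24):
    """Count failures per (source host, destination subnet) where both ends
    are on the same ASA interface. prefix_len is an assumed subnet mask."""
    hits = Counter()
    for line in lines:
        m = PATTERN.search(line)
        if not m or m["sif"] != m["dif"]:
            continue  # unrelated message, or traffic that really crosses interfaces
        dst_net = ip_network(f"{m['dip']}/{prefix_len}", strict=False)
        if ip_address(m["sip"]) in dst_net:
            continue  # same subnet: not a gateway problem
        hits[(m["sip"], str(dst_net))] += 1
    return hits

# Constructed sample log; only the first message body comes from the thread.
SAMPLE_LOG = [
    "Oct 20 10:01:02 portmap translation creation failed for udp "
    "src inside:192.168.2.5/53 dst inside:192.168.1.45/5353",
    "Oct 20 10:01:03 portmap translation creation failed for udp "
    "src inside:192.168.2.5/53 dst inside:192.168.1.45/5353",
    "Oct 20 10:01:04 portmap translation creation failed for udp "
    "src inside:192.168.2.5/53 dst inside:192.168.1.46/5353",
    "Oct 20 10:01:05 portmap translation creation failed for tcp "
    "src inside:192.168.2.7/1025 dst inside:192.168.1.50/445",
    "Oct 20 10:01:06 portmap translation creation failed for udp "
    "src inside:192.168.2.9/1026 dst outside:203.0.113.10/53",
    "Oct 20 10:01:07 constructed unrelated message",
]

if __name__ == "__main__":
    for (host, net), count in find_hairpin_failures(SAMPLE_LOG).most_common():
        print(f"{host} sent {count} flow(s) for {net} to the ASA; check its gateway")
```

Each source host reported is a candidate for the gateway change described in the accepted answer.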
 
LVL 3

Expert Comment

by:leonjs
ID: 22763245
The other answer, and what I have done in the past as a way around this (of course, less commonly practiced), is to create an object group consisting of your network and do a static NAT from the inside to the inside.
0
 
LVL 1

Author Comment

by:KeepSloanWeird
ID: 22763931
So I would have DHCP hand out 192.168.2.253 as the gateway for the CORE LAN and then have that device use the ASA as its gateway? What about the remote office's gateway?
0
 
LVL 1

Author Closing Comment

by:KeepSloanWeird
ID: 31508801
I can't say thank you enough for the input. Just a little more clarification would have been extremely helpful as I was initially hesitant to make the suggested changes without 100% understanding what was being suggested. But I took a leap of faith and it worked.
0
