Solved

Routing failures with portmap translation errors

Posted on 2008-10-20
Last Modified: 2012-05-05
This all started with an upgrade from a no firewall situation to using a Cisco ASA 5505. Prior to the installation of the ASA this network was using simple port forwarding from the ISP. When the ASA was installed the perimeter router was put in a simple bridged mode by the ISP.

From day one the ASA displayed the attached error message about portmap translation failures for end-user devices at the remote office trying to reach the primary DNS server. Upon further investigation a general routing failure was found.

From within a network device (routers and ASA) I can get to all other network equipment. End-user equipment is visible from within their respective local network, but could not be seen across the private T-1. To make things even more interesting: the file and mail server is visible to end-user systems at the remote office but not the primary DNS server. The VoIP phones are also able to see the VoIP switch.

I just realized that the ASA config I attached doesn't show it, but I did recently upgrade from 7.2(4) to 8.0(4) in an effort to fix this issue.

Any thoughts why routing is selectively working??
Genesis-ASA-and-portmap-error--s.txt
Genesis-core.txt
Genesis-remote.txt
Basic-network-diagram.pdf
0
Question by:KeepSloanWeird

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22763084
> portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.45/5353
It's real simple. Both source and destination are internal. The ASA simply can't do anything with it.

The answer is to use the router 192.168.2.253 as the default gateway for everything on the LAN and have *it* point to the ASA with a default route.


0
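Added example, not part of lrmoore's answer or the original thread: a small Python parser for the message quoted above that flags the condition the answer points at, source and destination on the same ASA interface, and groups the failures by source host. The timestamp prefix and every sample line except the first message are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Matches the ASA message text quoted in the accepted answer.
PORTMAP_RE = re.compile(
    r"portmap translation creation failed for (?P<proto>\w+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

def parse_failure(line):
    """Return a dict for one portmap failure, or None if the line does not match."""
    m = PORTMAP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    ip_address(rec["src_ip"])  # raises ValueError on a malformed address
    ip_address(rec["dst_ip"])
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    # Same ingress and egress interface: traffic between two internal hosts
    # was handed to the firewall instead of the internal router.
    rec["same_interface"] = rec["src_if"] == rec["dst_if"]
    return rec

def hairpin_report(lines):
    """Map (interface, source host) -> sorted internal destinations it failed to reach."""
    report = defaultdict(set)
    for line in lines:
        rec = parse_failure(line)
        if rec and rec["same_interface"]:
            report[(rec["src_if"], rec["src_ip"])].add(rec["dst_ip"])
    return {k: sorted(v, key=ip_address) for k, v in report.items()}

# Constructed sample log; only the first message body comes from the thread.
SAMPLE_LOG = [
    "Oct 20 2008 10:15:01: portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.45/5353",
    "Oct 20 2008 10:15:02: portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.46/5353",
    "Oct 20 2008 10:15:03: portmap translation creation failed for tcp src inside:192.168.2.20/40000 dst outside:203.0.113.10/80",
    "Oct 20 2008 10:15:04: unrelated message",
]

if __name__ == "__main__":
    for (iface, src), dsts in hairpin_report(SAMPLE_LOG).items():
        print(f"{src} on '{iface}' sent internal traffic to the ASA for: {', '.join(dsts)}")
```

Each source host in the report is a candidate for the gateway change described in the answer.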
 

Expert Comment

by:leonjs
ID: 22763245
The other answer, and what I have done in the past as a way around this (of course, it is less common practice), is to create an object group consisting of your network and do a static NAT from the inside to the inside.
0
 

Author Comment

by:KeepSloanWeird
ID: 22763931
So I would have DHCP hand out 192.168.2.253 as the gateway for the CORE LAN and then have that device use the ASA as its gateway? What about the remote office's gateway?
0
 

Author Closing Comment

by:KeepSloanWeird
ID: 31508801
I can't say thank you enough for the input. Just a little more clarification would have been extremely helpful as I was initially hesitant to make the suggested changes without 100% understanding what was being suggested. But I took a leap of faith and it worked.
0
