Solved

Routing failures with portmap translation errors

Posted on 2008-10-20
Last Modified: 2012-05-05
This all started with an upgrade from a no firewall situation to using a Cisco ASA 5505. Prior to the installation of the ASA this network was using simple port forwarding from the ISP. When the ASA was installed the perimeter router was put in a simple bridged mode by the ISP.

From day one the ASA displayed the attached error message about portmap translation failures for end-user devices at the remote office trying to reach the primary DNS server. Upon further investigation a general routing failure was found.

From within a network device (routers and ASA) I can get to all other network equipment. End-user equipment is visible from within their respective local network, but could not be seen across the private T-1. To make things even more interesting: the file and mail server is visible to end-user systems at the remote office but not the primary DNS server. The VoIP phones are also able to see the VoIP switch.

I just realized that the ASA config I attached doesn't show it, but I did recently upgrade from 7.2(4) to 8.0(4) in an effort to fix this issue.

Any thoughts why routing is selectively working??
Genesis-ASA-and-portmap-error--s.txt
Genesis-core.txt
Genesis-remote.txt
Basic-network-diagram.pdf
0
Question by:KeepSloanWeird
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22763084
> portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.45/5353
It's real simple. Both source and destination are internal. The ASA simply can't do anything with it.

The answer is to use the router 192.168.2.253 as the default gateway for everything on the LAN and have *it* point to the ASA with a default route.


0
 
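As an added illustration of the accepted answer (not code from the thread or from Cisco), this Python script scans ASA log text for translation-failure messages like the one quoted above and picks out those whose source and destination sit on the same interface. The timestamps and every sample line other than the quoted message body are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Message body as quoted in the question; any syslog prefix before it is ignored.
PATTERN = re.compile(
    r"(?P<kind>\w+) translation creation failed for (?P<proto>\w+) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample log; only the first message body comes from the page.
SAMPLE_LOG = """\
Oct 20 2008 10:01:02: portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.45/5353
Oct 20 2008 10:01:03: portmap translation creation failed for udp src inside:192.168.2.5/53 dst inside:192.168.1.46/5353
Oct 20 2008 10:01:04: portmap translation creation failed for tcp src inside:192.168.2.20/1042 dst outside:203.0.113.9/80
Oct 20 2008 10:01:05: some unrelated log line
"""

def parse_failure(line):
    """Return the fields of one translation-failure line, or None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    try:
        fields["sip"] = ip_address(fields["sip"])
        fields["dip"] = ip_address(fields["dip"])
    except ValueError:  # malformed address, e.g. 999.1.1.1
        return None
    return fields

def same_interface_failures(log_text):
    """Failures where the packet arrived on, and is destined to, one interface."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_failure(line)
        if fields and fields["sif"] == fields["dif"]:
            hits.append(fields)
    return hits

def failures_by_source(log_text):
    """Count same-interface failures per (interface, source host)."""
    return Counter((f["sif"], str(f["sip"])) for f in same_interface_failures(log_text))

if __name__ == "__main__":
    for (ifname, src), count in failures_by_source(SAMPLE_LOG).most_common():
        print(f"{src} on {ifname}: {count} same-interface translation failures")
```

Each source host it reports is sending internal-to-internal traffic to the ASA, which is the condition the accepted answer addresses by changing the LAN's default gateway.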
LVL 3

Expert Comment

by:leonjs
ID: 22763245
The other answer, and what I have done in the past as a way around this (of course less commonly practiced), is to create an object group consisting of your network and do a static NAT from the inside to the inside.
0
 
LVL 1

Author Comment

by:KeepSloanWeird
ID: 22763931
So I would have DHCP hand out 192.168.2.253 as the gateway for the CORE LAN and then have that device use the ASA as its gateway? What about the remote office's gateway?
0
 
LVL 1

Author Closing Comment

by:KeepSloanWeird
ID: 31508801
I can't say thank you enough for the input. Just a little more clarification would have been extremely helpful as I was initially hesitant to make the suggested changes without 100% understanding what was being suggested. But I took a leap of faith and it worked.
0

Question has a verified solution.
