netcrew
asked on
ASA 7.2 5510 portmap translation creation failed for tcp src inside
Hi, I've got a NAT problem. The ASA shows the error "portmap translation creation failed for tcp src inside" when trying to access a specific LAN. Here is the network config:
INSIDE is 10.21.0.0/24
OUTSIDE is xx.xx.xx.xx
TEMPNET is 192.168.0.0 > NET behind tempnet is 172.1.1.0 /24
The problem is I have only 2 IPs I can use in TEMPNET, so I have to NAT all my internal IPs to 1 IP from the TEMPNET. TEMPNET is provided by another company and has its own router, which forwards packets into several foreign networks. To prevent routing issues (the TEMPNET routers don't know routes into my local net) I need to NAT all my local IPs to, let's say, 192.168.1.1.
I added a route, for example: route tempnet 172.1.1.0 /24 192.168.1.2 (1.2 is the router from the TEMPNET).
Now here are my nat / global / statements:
access-list NAT_TEMP permit ip 10.0.21.0 255.255.255.0 172.1.1.0 255.255.255.0
access-list NAT_ANYDESTINATION permit ip 10.0.21.0 255.255.255.0 any
nat (inside) 1 access-list NAT_ANYDESTINATION
nat (inside) 2 access-list NAT_TEMP
global (inside) 1 interface
global (tempnet) 2 interface
When trying to access 172.1.1.1 I receive the error code: portmap translation creation failed..
When I change this:
no nat (inside) 2 access-list NAT_TEMP
no global (tempnet) 2 interface
global (tempnet) 1 interface
it works like a charm, but why isn't it working with the other config? Let's say I want to split it up more and work with more than 1 NAT rule based on source and destination; it won't work. Why can't I use multiple nat/global statements?