• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5263
  • Last Modified:

ASA 7.2 5510 portmap translation creation failed for tcp src inside

Hi ive got a NAT problem, the asa shows up a the error: "portmap translation creation failed for tcp src inside" when trying to access a specific lan, here are the network config
INSIDE is 10.21.0.0/24
OUTSIDE is xx.xx.xx.xx
TEMPNET is 192.168.0.0 > NET behind tempnet is 172.1.1.0 /24
The Problem is i have only 2 IPs i can use in Tempnet, so i have to NAT all my internal IPs to 1 IP from the TEMPNET, TEMPNet is provided by another company and got its own router which forwards pakets into several foreign networks, to prevent routing issues (tempnet routers dont know routes into my local net) i need to nat all my local ips to lets say 192.168.1.1.
I added a route for example route tempnet 172.1.1.0 /24 192.168.1.2 (1.2 is the router from the TEMPNET).
Now here are my nat / global / statements:
access-list NAT_TEMP permit ip 10.0.21.0 255.255.255.0 172.1.1.0 255.255.255.0
access-list NAT_ANYDESTINATION permit ip 10.0.21.0 255.255.255.0 any
nat (inside) 1 access-list NAT_ANYDESTINATION
nat (inside) 2 access-list NAT_TEMP
global (inside) 1 interface
global (tempnet) 2 interface

when trying to access 172.1.1.1 i receive the errorcode: portmap translation creation failed..
when i change this:
no nat (inside) 2 access-list NAT_TEMP
no global (tempnet) 2 interface
global (tempnet) 1 interface

it works like a charm, but why isnt it working with the other config, lets say i want to split it more up and work with more then 1 nat rules based on source and destination it wont work, why do i cannot use multiple nat/global statements?

0
netcrew
Asked:
netcrew
1 Solution
 
lrmooreCommented:
The way you have it, traffic hits nat rule 1  before rule 2 it always matches rule1

You can try this:
nat (inside) 10 access-list NAT_ANYDESTINATION
nat (inside) 2 access-list NAT_TEMP
global (outside) 10 interface
global (tempnet) 2 interface
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Tackle projects and never again get stuck behind a technical roadblock.
Join Now