Error portmap translation creation failed

I am conf. thru ASDM for ASA 5550.
I have two zones  : ITZONE  & USERZONE.
ITZONE  - 192.168.1.0/24
USERZONE - 192.168.200.0/26

POlicy created as ITZONE  192.168.1.100/24 to USERZONE 192.168.200.15/26 PORT 3389.

When trying to access i am getting error.
portmap translation creation failed for tcp src ITZONE :192.168.1.100/2195 dst USERZONE:192.168.200.15/3389
vkraamanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:
Hi,

Did you enabled nonat between zones? Did you enabled on lowers security interface with ACL this traffic?

Please show us the config


Best regards,
Istvan
0
vkraamanAuthor Commented:
interface Management0/0
 description ***ip address 172.29.100.7 255.255.254.0 standby 172.29.100.9***
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
interface GigabitEthernet1/1
 description ***USERZONE - KK***
 nameif USERZONE
 security-level 100
 ip address 192.168.200.1 255.255.255.192 standby 192.168.200.2
fwconf-ee.txt
0
vkraamanAuthor Commented:
interface GigabitEthernet0/1
 description ***ITZONE NETWORK***
 nameif ITZONE
 security-level 100
 ip address 192.168.1.100 255.255.255.0 standby 192.168.1.50
!
interface Management0/0
 description ***ip address 172.29.100.7 255.255.254.0 standby 172.29.100.9***
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
interface GigabitEthernet1/1
 description ***USERZONE - KK***
 nameif USERZONE
 security-level 100
 ip address 192.168.200.1 255.255.255.192 standby 192.168.200.2
!
0
How the Cloud Can Help You as an MSSP

Today, every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. Register today to learn more!

qbakiesCommented:
You need to allow interfaces with the same security level to communicate.  Use this command:

same-security-traffic permit inter-interface
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vkraamanAuthor Commented:
Thanks but
interface GigabitEthernet0/1
 description ***ITZONE NETWORK***
 nameif ITZONE
 security-level 100
 ip address 192.168.1.100 255.255.255.0 standby 192.168.1.50
!
interface GigabitEthernet1/1
 description ***USERZONE - KK***
 nameif USERZONE
 security-level 100
 ip address 192.168.200.1 255.255.255.192 standby 192.168.200.2
!
both interfaces are  security-level 100
0
LingerLongerCommented:
Right, so you must enter the command suggested by qbakies to get the two interfaces to talk. Despite being the same security level, they will not talk between each other without that command.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.