Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

portmap translation creation failed

Status
Not open for further replies.
zinkann

zinkann

ISP
Jan 8, 2008
167
US
I have a ASA5520. I have a 4506 doing my intervlan routing, static routes pointing to the ASA then out to my ISP with static routes on the ASA. We recently added another T1 line for one vlan. i have a static route on the 4506 just like all of the other routes, on the ASA i connected the new t1 connection to one of the interfaces on the ASA. Added the IP. I can ping the interface from the ASA, and i can ping the t1 router and out to internet. I have created a PAT translation saying 10.0.250.0 255.255.255.0 [IP From ISP]. When i connect a PC to that subnet i can't hit the internet. I was debugging the ASA for that pc's IP and i'm getting a "portmap translation creation failed". Basically my NAT/PAT isn't working, but it works for my other ISP connection. any suggestions? Can an ASA PAT to two different IP's? Surely it can.

CCNA, Network+
 
Sort by date Sort by votes
Yes, it can translate to multiple IP addresses.

But, the problem may be due to other translations you have configured? The NAT order of operation may be giving you some grief!

Check any NAT exemption, statics and policy NAT statments, as these would be processed before your Identity NAT statments.
 
Upvote 0 Downvote
i can only have one default route on the ASA, pointing to ISP1. Is that true?

CCNA, Network+
 
Upvote 0 Downvote
Reading through your comments, I'm not sure if you have seperate outside routers for each ISP, or are they both on the same router?

As I understand, originally you had a 4506 on the inside, an ASA and a T1 router on the outside.

You add a new ISP, do they have a seperate T1 router, or an Ethernet connection to another port on the ASA?

When adding a new ISP connection onto the ASA I'd suggest using a new context for that ISP, so you have one (virtual) firewall per ISP, and let your 4506 sort out which firewall context receives the traffic.

Whilst sounding more complex, this should offer you a more manageable solution.
 
Upvote 0 Downvote
i have two separate ISP's and two seperate core routers. I can also run two seperate firewalls if needed. I have tried adding the second router to another interface on my ASA but like i said ASA can only have one default route. My goal is to have 2 ISPs running at the same time, have all but one vlan/subnet go to ISP1, and one vlan/subnet go to ISP2. If i have a SVI on the 4506 could i do a route map pointing 10.0.0.0 /16 to ASA/ISP1 and then 192.168.250.0 /24 to PIX/ISP2? This is where i am confued though because it seems like the 10 network can't talk to the 192 network because the PIX has problems communicating with the SVI on the 4506...

CCNA, Network+
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

GreatApe
  • Locked
  • Question
Portmap Translation Creation Failed
Replies
3
Views
223
sp33domcgee
sp33domcgee
strtrk88
  • Locked
  • Question
regular translation creation failed for protocol 50
Replies
0
Views
120
strtrk88
strtrk88
zeropoint46
  • Locked
  • Question
Active FTP NAT source translation, ASA5520
Replies
3
Views
183
tpulley
tpulley
vlevalois
  • Locked
  • Question
HTTP to HTTPS translation
Replies
1
Views
132
vlevalois
vlevalois
nstefi1
  • Locked
  • Question
Portmap translation creation failed
Replies
1
Views
126
Supergrrover
Supergrrover

Part and Inventory Search

Sponsor

Back
Top