portmap translation creation failed

[scarcjm]

PIX has been installed for 2 months .. error free !
all of a sudden today I get pages and pages of the following error:
%PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.xx.48/2635 dst outside:195.22.198.7/80
%PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.xx.28/1504 dst outside:199.181.135.77/80
Seems every inside attempt to connect to URL port 80 failed.
I fixed by "clear xlate" so all is well for now ....

Anyone know what this means ?

Thank you in advance.
Steve

 

[yizhar]

HI.

How many internal hosts?
What pix device?
Can you post relevant config (especialy "global" and "nat" statements)?
If you are using NAT (global with range of addresses), try using PAT (single address).
Look at your configuration for overlapping addresses - conflicts in the following statements: static, ip address, global.

Next time if you get this, try to get more details about the pix status.
Use PDM montioring tab.
Use the following CLI commands:
show xlate
show conn
If you are logging at level 6, look also for the following:
%PIX-6-302010: conns in use, conns most used

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[scarcjm]

Yizher ..
Thank you for the reply. I may have solved it. I had some overlapping routes and I found when I add 2 more global commands - this seems to have solved it. I am using PAT.

So my global commands look like:
global (outside) 1 216.90.xxx.a netmask 255.255.255.255
global (outside) 1 216.90.xxx.b netmask 255.255.255.255
global (outside) 1 216.90.xxx.c netmask 255.255.255.255

I'm hopeful this fixed it .. it's only been 48 hours... I'll keep you posted.
Steve

 

[sohtnax]

Steve,

This is probably a very stupid question, but when you indicate 216.90.xxx.a, what is the "a", "b", or "c" substituting?