09-24-2008 06:07 AM - edited 03-11-2019 06:48 AM
Hi everybody,
I'm getting a serious problem on my ASA 5540.
I've configured a NAT pool range (10.10.10.2-10.10.10.4) to access a remote network.
This pool contains 3 IP addresses, and only 3 hosts on my internal network can access the remote network.
When a 4th host tries to access the remote network, the ASA shows me the following error: "Err 3 - port map translation creation failed for....src LAN:x.x.x.x dst WAN:x.x.x.x (type 8, code 0)"
What should I do to solve the problem?
I have to use this range this way.
Thanks
Tauer
09-24-2008 06:50 AM
Typically you would create a global entry for all the other hosts that don't get an address from the nat pool.
global (outside) 1 x.x.x.x
nat (inside) 1 0 0
09-24-2008 07:45 AM
Hi,
Today I have the following:
global (WAN) 8 10.10.10.2-10.10.10.4 netmask 255.255.255.0
nat (LAN) 8 access-list LAN_pnat_outbound_V4
access-list LAN_pnat_outbound_V4 extended permit ip any host 10.10.20.1 (this IP is a server on the remote network)
What is wrong or what should I do to fix it?
Can you send an example?
Thanks
Tauer
09-24-2008 08:17 AM
The nat pool is being exhausted. You need to add another address to the pool or use one of the addresses for dynamic PAT.
access-list LAN_pnat_outbound_V4 extended permit ip any host 10.10.20.1
access-list dynamic_pat_outbound extended permit ip any host 10.10.20.1
global (WAN) 8 10.10.10.2-10.10.10.3 netmask 255.255.255.255
global (WAN) 10 10.10.10.4
nat (LAN) 8 access-list LAN_pnat_outbound_V4
nat (LAN) 10 access-list dynamic_pat_outbound
09-24-2008 08:48 AM
Is this configuration telling the ASA to NAT all my internal hosts to 10.10.10.2, 10.10.10.3 and 10.10.10.4?
If not, how will the ASA work with this configuration?
Thanks and sorry...
I have many difficulties with this kind of configuration.
Tauer
09-24-2008 08:54 AM
When using a pool of addresses, it is first come, first served.
global (WAN) 8 10.10.10.2-10.10.10.4 netmask 255.255.255.0
So the first host inside will be assigned 10.10.10.2, the 2nd will be assigned 10.10.10.3, the 3rd will be assigned 10.10.10.4. When the 4th host attempts to go out there are no addresses left in the pool for them. This is your issue. So you must add addresses to the pool if you have them or you must PAT (not NAT) the other connections to another address. Or take an address from the pool and use that for PAT. Does that make sense?
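The pool behaviour described in the reply above, as an added Python model that is not part of the original thread and is not ASA code. The inside host addresses, the source port, the PAT port range and the rule that PAT is tried only once the pool is empty are assumptions of this model.

```python
# Toy model of dynamic NAT pool allocation with optional PAT (added example).
from ipaddress import ip_address

class Translator:
    """Each inside host holds one pool address; a PAT address shares ports."""
    def __init__(self, first, last, pat_ip=None, pat_ports=range(1024, 65536)):
        lo, hi = int(ip_address(first)), int(ip_address(last))
        self.free = [str(ip_address(i)) for i in range(lo, hi + 1)]
        self.nat = {}                     # inside host -> pool address
        self.pat_ip = pat_ip              # None means no PAT address configured
        self.pat_free = iter(pat_ports)   # unused mapped ports on the PAT address
        self.pat = {}                     # (inside host, src port) -> mapped port

    def translate(self, host, sport):
        """Return (mapped_ip, mapped_port), or None when creation fails."""
        if host in self.nat:              # host already owns a pool address
            return self.nat[host], sport
        if self.free:                     # first come, first served
            self.nat[host] = self.free.pop(0)
            return self.nat[host], sport
        if self.pat_ip is None:           # pool exhausted and no PAT to use
            return None
        key = (host, sport)
        if key not in self.pat:
            port = next(self.pat_free, None)
            if port is None:              # PAT ports exhausted as well
                return None
            self.pat[key] = port
        return self.pat_ip, self.pat[key]

    def release(self, host):
        """Give a host's pool address back, as when its translation times out."""
        addr = self.nat.pop(host, None)
        if addr is not None:
            self.free.append(addr)

# Constructed inside hosts, not taken from the thread.
HOSTS = ["192.168.1.%d" % n for n in range(11, 16)]

def run(translator, sport=40000):
    return [translator.translate(h, sport) for h in HOSTS]

pool_only = run(Translator("10.10.10.2", "10.10.10.4"))
pool_plus_pat = run(Translator("10.10.10.2", "10.10.10.3", pat_ip="10.10.10.4"))

if __name__ == "__main__":
    for name, rows in (("pool only", pool_only), ("pool + PAT", pool_plus_pat)):
        print(name, rows)
```

With the three-address pool, the fourth and fifth hosts get no translation; with 10.10.10.4 set aside for PAT, they share that one address on different mapped ports.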
09-24-2008 09:50 AM
Yes, it does.
I've tested it and it works like you said. So I have to adapt my environment to this.
Thank you so much
Tauer