
PAT Failing for hosts on inside LAN - Shouldn't be hitting ASA at all...

tylerlucas
Level 1

We have a very simple network, which is done the following way:

ASA 5505 > Cisco 3550 > End-User PC's AND One Windows Server

The on-site users constantly access the server for apps such as Exchange. Creating these connections should NEVER involve the ASA (it should stay strictly layer 2, we only have one vlan).

For the past couple months, we have gotten complaints that users are constantly getting disconnected from Outlook, and having problems logging on in the mornings (establishing network connections taking upwards of 30 seconds).

We couldn't see ANYTHING odd happening, until we began looking at syslog this morning:

%ASA-3-305006: portmap translation creation failed for tcp src inside:10.60.1.42/1990 dst inside:10.60.1.200/445

Apparently inside hosts are somehow hitting the ASA and it's trying to PAT them? Anyone have any insight into this?


tylerlucas
Level 1

As a side note, this seems to be happening for multiple users on this network. The thing I find the most odd is that this traffic is even hitting the firewall; shouldn't the switch have passed it off prior to it making it to the ASA?

Jon Marshall
Hall of Fame

Tyler

The first, most obvious thing to check is the subnet masks on the client devices. Do they all have consistent subnet masks, and are they using the same subnet mask as the server?

Jon

Thanks for the reply, Jon.

We have DHCP enabled on the server, 10.60.1.200, and it hands out information to all host PCs.

I have checked several, and they all have the same mask (/24).

I will be happy to answer any other questions you may have to get this resolved :)

Thanks again,

Tyler

As long as you use only local networking between the users and the server,

then you need to narrow the problem down between them.

Try to check if you can ping the server,

and if port 25, for example, is reachable from the clients.

Then check the Outlook settings to see if the server IP and port are set correctly,

because generally, when the client sees an IP in a different network, it will send the packet to its default gateway, which in your case should be the ASA.

good luck
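
Added example, not part of any post in this thread: a Python sketch that parses the 305006 message quoted in the original post, flags events whose source and destination are on the same ASA interface, and shows for which client prefix lengths the server would be treated as on-link rather than sent to the default gateway. The function names, the candidate prefix lengths and the second log line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Field layout taken from the 305006 line quoted in the original post.
PAT_FAIL = re.compile(
    r"%ASA-3-305006: portmap translation creation failed for (?P<proto>\w+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

POSTED_LINE = ("%ASA-3-305006: portmap translation creation failed for tcp "
               "src inside:10.60.1.42/1990 dst inside:10.60.1.200/445")
# Constructed sample: a failure that is not same-interface traffic.
CONSTRUCTED_LINE = ("%ASA-3-305006: portmap translation creation failed for udp "
                    "src inside:10.60.1.42/137 dst outside:198.51.100.7/137")


def parse_305006(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = PAT_FAIL.search(line)
    return m.groupdict() if m else None


def on_link(client_ip, prefix_len, peer_ip):
    """True if a host with this address and mask would reach the peer directly
    (ARP on the local segment) instead of forwarding to its default gateway."""
    net = ipaddress.ip_interface(f"{client_ip}/{prefix_len}").network
    return ipaddress.ip_address(peer_ip) in net


def triage(line, candidate_prefixes=(24, 25, 26)):
    """For same-interface PAT failures, report which client masks would explain
    the packet reaching the firewall. Returns None for anything else."""
    event = parse_305006(line)
    if event is None or event["src_if"] != event["dst_if"]:
        return None
    event["on_link_by_prefix"] = {
        p: on_link(event["src_ip"], p, event["dst_ip"]) for p in candidate_prefixes
    }
    return event


if __name__ == "__main__":
    for sample in (POSTED_LINE, CONSTRUCTED_LINE):
        print(triage(sample))
```

With the /24 mask reported in the thread the server is on-link for 10.60.1.42, so a mask mismatch alone would not explain that host's traffic arriving at the ASA; a shorter-range mask such as /25 or /26 on a client would.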
