10-17-2008 10:28 AM - edited 03-06-2019 02:00 AM
We have a very simple network, which is done the following way:
ASA 5505 > Cisco 3550 > End-User PC's AND One Windows Server
The on-site users constantly access the server for apps such as Exchange. Creating these connections should NEVER involve the ASA (it should stay strictly layer 2, we only have one vlan).
For the past couple months, we have gotten complaints that users are constantly getting disconnected from Outlook, and having problems logging on in the mornings (establishing network connections taking upwards of 30 seconds).
We couldn't see ANYTHING odd happening, until we began looking at syslog this morning:
%ASA-3-305006: portmap translation creation failed for tcp src inside:10.60.1.42/1990 dst inside:10.60.1.200/445
Apparently inside hosts are somehow hitting the ASA and its trying to PAT them? Anyone have any insight into this?
10-17-2008 01:07 PM
As a side note, this seems to be happening for multiple users on this network. The thing I find the most odd is that this traffic is even hitting the firewall, shouldn't the switch have passed it off prior to it making it to the ASA?
10-17-2008 02:37 PM
Tyler
First most obvious thing to check are the subnet masks on the client devices. Do they all have consistent subnet masks and are they using the same subnet mask as the server ?
Jon
10-17-2008 03:22 PM
Thanks for the reply, Jon.
We have DHCP enabled on the server, 10.60.1.200, and it hands out information to all host PC's.
I have checked several, and they all have the same mask (/24).
I will be happy to answer any other questions you may have to get this resolved :)
Thanks again,
Tyler
10-17-2008 04:49 PM
as long as u use only local networking between users and server
then u need to narrow the problem between them
try to check if u can ping the server
if port 25 for example reachable from the clients
then check the outlook setting if the server IP and port are setted correctly
because generally when the client see an ip in in diifrent network it will send the packet to its defualt gateway which in ur case should be the ASA
good luck
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: