Cisco Support Community

New Member

%ASA-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port dst interface_name:dest_address/dest_port

Good afternoon.

I am having problems with users who have a Microsoft VPN client on their computers: when they connect via VPN, it stays on the username and password authentication screen and does not connect. The access is to a Microsoft VPN server; when it does not go through the Cisco ASA, the connection is made normally. The log message that appears on the ASA at the moment of the connection attempt is the following: regular translation creation failed for protocol 47 src FUNCIONARIOS: 172.22.1.103 dst INTERNET: 187.0.69.104.

%ASA-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port dst interface_name:dest_address/dest_port

Please, I need a solution for this case.
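
A triage aid for the message quoted above, as an added example that is not part of the original post: it parses 305006 lines and groups the failures by IP protocol, marking protocols such as 47 (GRE, which carries PPTP tunnel data) that have no port field for port address translation to rewrite. The sample lines are constructed (the first reuses the values quoted in the post) and the function names are hypothetical.

```python
import re
from collections import Counter

# IP protocols with no TCP/UDP-style port field for PAT to rewrite.
PORTLESS = {47: "GRE", 50: "ESP", 51: "AH"}
NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", **PORTLESS}
IP = r"\d+(?:\.\d+){3}"

# Body of a 305006 message. Ports are optional and a space after the
# interface colon is tolerated, as in the line quoted in the post.
PATTERN = re.compile(
    r"(?P<kind>outbound static|identity|portmap|regular) translation creation "
    r"failed for (?:protocol (?P<num>\d+)|(?P<name>[a-z]+)) "
    rf"src (?P<sif>[^:\s]+):\s*(?P<sip>{IP})(?:/(?P<sport>\d+))? "
    rf"dst (?P<dif>[^:\s]+):\s*(?P<dip>{IP})(?:/(?P<dport>\d+))?"
)

def parse_305006(line):
    """Return the fields of a 305006 line, or None for any other message."""
    m = PATTERN.search(line)
    if m is None:
        return None
    f = m.groupdict()
    if f["num"]:
        num = int(f["num"])
        proto = NAMES.get(num, f"ip-proto-{num}")
    else:
        proto = f["name"].upper()
    return {"kind": f["kind"], "proto": proto,
            "portless": proto in PORTLESS.values(),
            "src": (f["sif"], f["sip"], f["sport"]),
            "dst": (f["dif"], f["dip"], f["dport"])}

def summarize(lines):
    """Count failures per (protocol, source interface, destination address)."""
    hits = Counter()
    for line in lines:
        rec = parse_305006(line)
        if rec:
            hits[(rec["proto"], rec["src"][0], rec["dst"][1])] += 1
    return hits

SAMPLE = [  # constructed log lines
    "%ASA-3-305006: regular translation creation failed for protocol 47 src FUNCIONARIOS: 172.22.1.103 dst INTERNET: 187.0.69.104",
    "%ASA-3-305006: regular translation creation failed for protocol 47 src FUNCIONARIOS:172.22.1.103 dst INTERNET:187.0.69.104",
    "%ASA-3-305006: portmap translation creation failed for udp src FUNCIONARIOS:172.22.1.50/137 dst INTERNET:172.22.1.255/137",
    "an unrelated constructed line that is not a 305006 message",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, key)
```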

3 REPLIES
New Member

Hello,

This looks like a NAT problem.

Could you add the ASA configuration to the post?

Thank you very much

New Member

Hello Luis,

Here is the sh run from the ASA:

FW-KROTONSP-01# sh run
: Saved
:
ASA Version 8.2(2)17
!
hostname FW-KROTONSP-01
domain-name iuni.com.br
enable password YfYLS7kj9mYc6YnA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 172.22.0.20 Server description Server AD_DNS_ DHCP
name 189.38.242.106 AJATO description LINK INTERNET AJATO 4 MB
dns-guard
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif INTERNET
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/1
 description ***TRUNK_802.1Q***
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.2
 description REDE DE SERVIDORES
 vlan 2
 nameif SERVIDORES
 security-level 90
 ip address 172.22.0.1 255.255.255.224
!
interface Ethernet0/1.5
 vlan 5
 nameif TERCEIROS
 security-level 80
 ip address 172.22.0.129 255.255.255.224
!
interface Ethernet0/1.7
 description EQUIPAMENTOS DE VIDEO CONFERENCIA
 vlan 7
 nameif VIDEO-CONFERENCIA
 security-level 90
 ip address 172.22.0.97 255.255.255.248
!
interface Ethernet0/1.8
 description REDE DOS EQUIPAMENTOS DE CONTROLE DE PONTO
 vlan 8
 nameif RELOGIOS-DE-PONTO
 security-level 90
 ip address 172.22.0.105 255.255.255.248
!
interface Ethernet0/1.9
 vlan 9
 nameif CAMERAS
 security-level 0
 ip address 172.22.0.94 255.255.255.240
!
interface Ethernet0/1.10
 vlan 10
 nameif FUNCIONARIOS
 security-level 90
 ip address 172.22.1.1 255.255.255.0
!
interface Ethernet0/1.11
 description REDE DAS IMPRESSORAS E SERVIDOR DE IMPRESSAO
 vlan 11
 nameif IMPRESSORAS
 security-level 90
 ip address 172.22.0.33 255.255.255.240
!
interface Ethernet0/2
 description CONEXAO COM A REDE WAN IUNI
 speed 100
 duplex full
 nameif WAN-CORPORATIVO
 security-level 90
 ip address 172.22.0.113 255.255.255.240
!
interface Ethernet0/3
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3.13
 description REDE BARRACUDA
 vlan 13
 nameif GERENCIA-BARRACUDA
 security-level 90
 ip address 172.22.0.161 255.255.255.240
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa822-17-k8.bin
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone BR -3
dns server-group DefaultDNS
 domain-name iuni.com.br
same-security-traffic permit inter-interface
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group service DM_INLINE_SERVICE_2
 service-object icmp
 service-object tcp eq www
 service-object tcp eq https
 service-object udp eq 2055
object-group service DM_INLINE_SERVICE_1
 service-object icmp
 service-object tcp eq www
 service-object tcp eq https
 service-object udp eq 2055
 service-object udp eq ntp
object-group service DM_INLINE_SERVICE_3
 service-object gre
 service-object esp
 service-object ah
 service-object tcp-udp eq 1723
 service-object tcp-udp eq 500
 service-object udp eq isakmp
object-group service DM_INLINE_SERVICE_4
 service-object gre
 service-object esp
 service-object ah
 service-object tcp-udp eq 1723
 service-object tcp-udp eq 500
 service-object udp eq isakmp
access-list TERCEIROS_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list INTERNET_access_in extended permit object-group DM_INLINE_SERVICE_4 any host 187.0.69.104 inactive
access-list INTERNET_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
access-list FUNCIONARIOS_access_in extended permit ip any any
access-list RELOGIOS-DE-PONTO_access_in extended permit ip any any
access-list VIDEO-CONFERENCIA_access_in extended permit ip any any
access-list GERENCIAMENTO_access_in extended permit ip any any
access-list WAN-CORPORATIVO_access_in extended permit ip any any
access-list SERVIDORES_access_in extended permit ip any any
access-list IMPRESSORAS_access_in extended permit ip any any
access-list ACESSOEXTERNO extended permit tcp any interface INTERNET eq pptp
access-list ACESSOEXTERNO extended permit tcp any interface INTERNET eq 47
access-list ACESSOEXTERNO extended permit gre any interface INTERNET
access-list CAMERAS_access_in extended permit ip any any
access-list SPEEDY_access_in extended permit object-group DM_INLINE_SERVICE_2 any 10.0.0.0 255.0.0.0
access-list SERVIDORES_access_in_1 extended permit ip any any
access-list GERENCIA-BARRACUDA_access_in extended permit ip any any
access-list GERENCIA-BARRACUDA_nat0_outbound extended permit ip 172.22.0.160 255.255.255.240 172.16.0.0 255.240.0.0
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export template timeout-rate 1
mtu INTERNET 1500
mtu SERVIDORES 1500
mtu TERCEIROS 1500
mtu VIDEO-CONFERENCIA 1500
mtu RELOGIOS-DE-PONTO 1500
mtu CAMERAS 1500
mtu FUNCIONARIOS 1500
mtu IMPRESSORAS 1500
mtu WAN-CORPORATIVO 1500
mtu GERENCIA-BARRACUDA 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (INTERNET) 1 interface
nat (SERVIDORES) 1 172.22.0.0 255.255.255.224
nat (TERCEIROS) 1 172.22.0.128 255.255.255.224
nat (VIDEO-CONFERENCIA) 1 172.22.0.96 255.255.255.248
nat (FUNCIONARIOS) 1 172.22.1.0 255.255.255.0
nat (GERENCIA-BARRACUDA) 0 access-list GERENCIA-BARRACUDA_nat0_outbound
nat (GERENCIA-BARRACUDA) 1 172.22.0.160 255.255.255.240
static (SERVIDORES,INTERNET) tcp interface https 172.22.0.21 https netmask 255.255.255.255
static (SERVIDORES,INTERNET) tcp interface www 172.22.0.21 www netmask 255.255.255.255
static (SERVIDORES,INTERNET) udp interface 2055 172.22.0.21 2055 netmask 255.255.255.255
static (VIDEO-CONFERENCIA,WAN-CORPORATIVO) 172.22.0.96 172.22.0.96 netmask 255.255.255.248
static (GERENCIA-BARRACUDA,FUNCIONARIOS) 172.22.0.160 172.22.0.160 netmask 255.255.255.240
static (GERENCIA-BARRACUDA,SERVIDORES) 172.22.0.160 172.22.0.160 netmask 255.255.255.240
static (SERVIDORES,WAN-CORPORATIVO) 172.22.0.0 172.22.0.0 netmask 255.255.255.224
static (SERVIDORES,FUNCIONARIOS) 172.22.0.0 172.22.0.0 netmask 255.255.255.224
static (SERVIDORES,IMPRESSORAS) 172.22.0.0 172.22.0.0 netmask 255.255.255.224
static (SERVIDORES,CAMERAS) 172.22.0.0 172.22.0.0 netmask 255.255.255.224
static (SERVIDORES,GERENCIA-BARRACUDA) 172.22.0.0 172.22.0.0 netmask 255.255.255.224
static (FUNCIONARIOS,IMPRESSORAS) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,WAN-CORPORATIVO) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,RELOGIOS-DE-PONTO) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,VIDEO-CONFERENCIA) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,CAMERAS) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,SERVIDORES) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
static (FUNCIONARIOS,GERENCIA-BARRACUDA) 172.22.1.0 172.22.1.0 netmask 255.255.255.0
access-group SERVIDORES_access_in_1 in interface SERVIDORES
access-group TERCEIROS_access_in in interface TERCEIROS
access-group VIDEO-CONFERENCIA_access_in in interface VIDEO-CONFERENCIA
access-group RELOGIOS-DE-PONTO_access_in in interface RELOGIOS-DE-PONTO
access-group CAMERAS_access_in in interface CAMERAS
access-group FUNCIONARIOS_access_in in interface FUNCIONARIOS
access-group IMPRESSORAS_access_in in interface IMPRESSORAS
access-group WAN-CORPORATIVO_access_in in interface WAN-CORPORATIVO
access-group GERENCIA-BARRACUDA_access_in in interface GERENCIA-BARRACUDA
route INTERNET 0.0.0.0 0.0.0.0 10.10.10.1 1
route WAN-CORPORATIVO 172.16.0.0 255.240.0.0 172.22.0.115 1
route WAN-CORPORATIVO 192.168.0.0 255.255.0.0 172.22.0.115 1
route WAN-CORPORATIVO 192.168.200.77 255.255.255.255 172.22.0.117 1
route WAN-CORPORATIVO 192.168.200.77 255.255.255.255 172.22.0.115 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.22.0.0 255.255.0.0 FUNCIONARIOS
http 172.16.3.0 255.255.255.0 WAN-CORPORATIVO
snmp-server host WAN-CORPORATIVO 172.16.1.38 community ***** version 2c
snmp-server location IUNI SP - TI
snmp-server contact TI
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection preserve-vpn-flows
sla monitor 2
 type echo protocol ipIcmpEcho 8.8.8.8 interface INTERNET
sla monitor schedule 2 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto isakmp enable INTERNET
!
track 2 rtr 2 reachability
telnet timeout 5
ssh 172.22.0.0 255.255.0.0 FUNCIONARIOS
ssh 172.16.3.0 255.255.255.0 WAN-CORPORATIVO
ssh timeout 5
console timeout 0
management-access FUNCIONARIOS
dhcp-client broadcast-flag
dhcp-client client-id interface INTERNET
dhcpd address 172.22.1.20-172.22.1.254 FUNCIONARIOS
dhcpd dns 172.22.0.12 172.22.0.7 interface FUNCIONARIOS
dhcpd lease 86400 interface FUNCIONARIOS
!
dhcprelay server Server SERVIDORES
dhcprelay enable FUNCIONARIOS
dhcprelay setroute FUNCIONARIOS
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.22.0.18 source SERVIDORES prefer
webvpn
username admin password d1BhzXjLo5Qf5InA encrypted privilege 15
!
class-map pptpport
 match port tcp eq 47
class-map inspection_default
!
!
policy-map global_policy
 class inspection_default
  inspect ipsec-pass-thru
  inspect pptp
policy-map PPTPPORT
 class pptpport
  inspect pptp
!
service-policy global_policy global
service-policy PPTPPORT interface INTERNET
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:7644fb50e7117f663954450808999aaa
: end
FW-KROTONSP-01#

New Member

Good afternoon.

To this day I have not managed to resolve this VPN blocking issue; has anyone had this problem and managed to solve it?
