Cisco Support Community
Community Member

ASA problem - portmap translation

Hi all,

I have the following configuration:

!

!

interface GigabitEthernet0/3.11

vlan 2

nameif CLIENT

security-level 0

ip address 172.18.0.1 255.255.255.0

!

!

access-list LAN_pnat_outbound_V15 extended permit ip any host 192.168.0.10

!

!

global (LAN-NETSERVICES) 2 interface

!

!

nat (LAN) 11 access-list LAN_pnat_outbound_V15

When I try to access the ip 192.168.0.10, the ASA shows me the message: "portmap translation creation failed for tcp src LAN:10.10.10.50/3684 CLIENT: 192.168.0.10/80"

I think it's all configured properly, and I don't know what is happening.

I don't know what to do anymore...

Please help me

Thanks

Tauer

7 REPLIES
Cisco Employee

Re: ASA problem - portmap translation

The error tells me that 192.168.0.10 lies on the "CLIENT" interface.

Put a global for client interface.

global (CLIENT) interface.

Should work.

Do rate helpful posts.

Regards,

Sushil

Green

Re: ASA problem - portmap translation

Don't forget the '11'.

global (CLIENT) 11 interface

Community Member

Re: ASA problem - portmap translation

interface GigabitEthernet0/3.11

vlan 2

nameif CLIENT

security-level 0

ip address 172.18.0.1 255.255.255.0

!

!

access-list LAN_pnat_outbound_V15 extended permit ip any host 192.168.0.10

!

!

global (CLIENT) 11 interface

!

!

nat (LAN) 11 access-list LAN_pnat_outbound_V15

and it's NOT working...

please help

Community Member

Re: ASA problem - portmap translation

I can NAT on other interfaces, with other pools....

I think I've got to clear some things, or restart some services, because everything is right....

I did a lot of things and nothing solved this...

Thanks

Cisco Employee

Re: ASA problem - portmap translation

Issue:

cl xlate

cl local

Regards,

Sushil

Community Member

Re: ASA problem - portmap translation

Hi,

I put the command cl xlate, but it's still not working.

I'm afraid to issue the command "cl local". What will this command do? Will it erase some configuration?

Thanks

Tauer

Community Member

Re: ASA problem - portmap translation

Hi...

I would like some clarification, if it's possible.

I have the configuration:

interface GigabitEthernet0/3.12

vlan 3

nameif PARTNER

security-level 0

ip address 172.16.0.1 255.255.255.0

!

access-list LAN_pnat_outbound_V13 extended permit ip 172.18.0.0 255.255.255.0 any

!

global (PARTNER) 3 interface

!

nat (LAN) 3 access-list LAN_pnat_outbound_V13

With this configuration, I NAT all IPs within network 172.18.0.0 255.255.255.0 to any address on interface PARTNER. This is working fine.

########################################

but...

I have the configuration:

interface GigabitEthernet0/3.11

vlan 2

nameif CLIENT

security-level 0

ip address 172.20.0.1 255.255.255.0

!

access-list LAN_pnat_outbound_V15 extended permit ip 172.18.0.0 255.255.255.0 any

!

global (CLIENT) 11 interface

!

nat (LAN) 11 access-list LAN_pnat_outbound_V15

This is supposed to NAT all addresses on network 172.20.0.0 255.255.255.0 to any address on interface CLIENT.

This is not working.

###########################################

The question is:

When I "show runn" the ASA shows me:

nat (LAN) 3 access-list LAN_pnat_outbound_V13

nat (LAN) 11 access-list LAN_pnat_outbound_V15

So...I tried to change the order and put:

nat (LAN) 11 access-list LAN_pnat_outbound_V15

nat (LAN) 3 access-list LAN_pnat_outbound_V13

AND it WORKED... I just did that.

I just changed the order.

Now please, tell me: WHY? WHY?

Why, when I change the order, does the NAT work properly?

Thanks

Tauer
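
An added example (not part of the original thread and not Cisco code) that models the behaviour described in the last post. It assumes the documented pre-8.3 ASA behaviour: nat ... access-list rules on an interface are checked in configuration order, the first match chooses the NAT ID, and PAT then needs a global with that same ID on the egress interface. The hosts 172.18.0.50, 172.20.0.10 and 172.16.0.10 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed from the last post: both ACLs match the same traffic (172.18.0.0/24 -> any).
ACLS_AND_GLOBALS = """\
access-list LAN_pnat_outbound_V13 extended permit ip 172.18.0.0 255.255.255.0 any
access-list LAN_pnat_outbound_V15 extended permit ip 172.18.0.0 255.255.255.0 any
global (PARTNER) 3 interface
global (CLIENT) 11 interface
"""
NAT_3 = "nat (LAN) 3 access-list LAN_pnat_outbound_V13\n"
NAT_11 = "nat (LAN) 11 access-list LAN_pnat_outbound_V15\n"
ORIGINAL_ORDER = ACLS_AND_GLOBALS + NAT_3 + NAT_11
SWAPPED_ORDER = ACLS_AND_GLOBALS + NAT_11 + NAT_3


def _net(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def parse(config):
    """Return (acls, nat rules in config order, set of (interface, nat_id) globals)."""
    acls, nats, globals_ = {}, [], set()
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"] and tok[2:5] == ["extended", "permit", "ip"]:
            rest = tok[5:]
            acls.setdefault(tok[1], []).append((_net(rest), _net(rest)))
        elif tok[:1] == ["nat"] and tok[3:4] == ["access-list"]:
            nats.append((tok[1].strip("()"), tok[2], tok[4]))
        elif tok[:1] == ["global"]:
            globals_.add((tok[1].strip("()"), tok[2]))
    return acls, nats, globals_


def lookup(config, in_if, src, dst, out_if):
    """First matching policy NAT rule picks the NAT ID; PAT needs a global with that ID on out_if."""
    acls, nats, globals_ = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ifname, nat_id, acl in nats:
        if ifname == in_if and any(s in a and d in b for a, b in acls.get(acl, [])):
            # False here corresponds to "portmap translation creation failed"
            return nat_id, (out_if, nat_id) in globals_
    return None, False


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_ORDER), ("swapped", SWAPPED_ORDER)):
        for out_if, dst in (("CLIENT", "172.20.0.10"), ("PARTNER", "172.16.0.10")):
            print(name, out_if, lookup(cfg, "LAN", "172.18.0.50", dst, out_if))
```

In this model the swap only moves the failure: traffic leaving through PARTNER now matches NAT ID 11 first and finds no global (PARTNER) 11. Giving each ACL a destination specific to the network behind its egress interface removes the order dependence.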
