12-20-2011 01:33 AM - edited 03-11-2019 03:04 PM
Hi i keep getting an error message, ive tried several things to resolve it but still no succes.
This is the exact error message:
regular translation creation failed for protocol 41 src Customer: dst outside: |
Does anyone know how to resolve this?
thanks already
Solved! Go to Solution.
12-20-2011 05:32 AM
Jan,
Thanks for the reply.
If you are not using IPv6 and you have no problems in the network then you can safely ignore this message.
However if you look at this message we see the source as Helpdesk_Bastion machine and destination as
83.80.22.214.
What kind of a machine is this "Helpdesk_Bastion"? Is this Windows 7? Because they use IPv6 to IPv4 by default?
There are 2 ways to ignore this message.
1. Disable this log message.
no logging message 305006.
But i'll not recommend it, because it will completely disable this log message to print and if sometime in future there is some valid traffic failing through the ASA due to nat then we will never come to know about this log message.
2. We can rate limit this log message, to not appear everytime ASA sees this kind of packet
logging rate-limit 10 3600 message 305006.
This will print this log message 10 times in 3600 seconds i.e 1 hr.
Meanwhile you can if host "Helpdesk_Bastion" is sending some IPV6 traffic? And Why?
Puneet
"Please rate the post if your questions are answered."
12-20-2011 04:25 AM
Jan
IP protocol 41 is a tunneling protocol which is used to encapsulate IPv6 packets within IPv4,
The direct encapsulation of IPv6 datagrams within IPv4 packets is indicated by IP protocol number 41.
Are you using IPv6 in your network?
This log indicates that a packet is trying to make out from your network using Source Interface named Customer and destination interface Outside but doesnt have a nat entry to go out.
Can you please post the complete log along with ip addresses if you see something there?
Can you please post your configuration here for us to help you out further on this?
The ASA does not translate and IPv6 traffic.
Are you just worried about something not working looking at the log message? Or is there something which cannot work due to this?
Puneet
12-20-2011 05:16 AM
Hi thanks for your replie
I am not using ipv6.
There are no problems what so ever i just like to resolve the error message.
I have posted my config and a printscreen of the error message
12-20-2011 05:32 AM
Jan,
Thanks for the reply.
If you are not using IPv6 and you have no problems in the network then you can safely ignore this message.
However if you look at this message we see the source as Helpdesk_Bastion machine and destination as
83.80.22.214.
What kind of a machine is this "Helpdesk_Bastion"? Is this Windows 7? Because they use IPv6 to IPv4 by default?
There are 2 ways to ignore this message.
1. Disable this log message.
no logging message 305006.
But i'll not recommend it, because it will completely disable this log message to print and if sometime in future there is some valid traffic failing through the ASA due to nat then we will never come to know about this log message.
2. We can rate limit this log message, to not appear everytime ASA sees this kind of packet
logging rate-limit 10 3600 message 305006.
This will print this log message 10 times in 3600 seconds i.e 1 hr.
Meanwhile you can if host "Helpdesk_Bastion" is sending some IPV6 traffic? And Why?
Puneet
"Please rate the post if your questions are answered."
12-20-2011 05:42 AM
Hi puneet
Thanks very much for the replies, the helpdesk is a windows 7 computer. im going to check all the thing you mentioned above.
Thanks for youre help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide