Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PAT Failing for hosts on inside LAN - Shouldn't be hitting ASA at all...

We have a very simple network, which is done the following way:

ASA 5505 > Cisco 3550 > End-User PC's AND One Windows Server

The on-site users constantly access the server for apps such as Exchange. Creating these connections should NEVER involve the ASA (it should stay strictly layer 2, we only have one vlan).

For the past couple months, we have gotten complaints that users are constantly getting disconnected from Outlook, and having problems logging on in the mornings (establishing network connections taking upwards of 30 seconds).

We couldn't see ANYTHING odd happening, until we began looking at syslog this morning:

%ASA-3-305006: portmap translation creation failed for tcp src inside:10.60.1.42/1990 dst inside:10.60.1.200/445

Apparently inside hosts are somehow hitting the ASA and its trying to PAT them? Anyone have any insight into this?

4 REPLIES
New Member

Re: PAT Failing for hosts on inside LAN - Shouldn't be hitting A

As a side note, this seems to be happening for multiple users on this network. The thing I find the most odd is that this traffic is even hitting the firewall, shouldn't the switch have passed it off prior to it making it to the ASA?

Hall of Fame Super Blue

Re: PAT Failing for hosts on inside LAN - Shouldn't be hitting A

Tyler

First most obvious thing to check are the subnet masks on the client devices. Do they all have consistent subnet masks and are they using the same subnet mask as the server ?

Jon

New Member

Re: PAT Failing for hosts on inside LAN - Shouldn't be hitting A

Thanks for the reply, Jon.

We have DHCP enabled on the server, 10.60.1.200, and it hands out information to all host PC's.

I have checked several, and they all have the same mask (/24).

I will be happy to answer any other questions you may have to get this resolved :)

Thanks again,

Tyler

Re: PAT Failing for hosts on inside LAN - Shouldn't be hitting A

as long as u use only local networking between users and server

then u need to narrow the problem between them

try to check if u can ping the server

if port 25 for example reachable from the clients

then check the outlook setting if the server IP and port are setted correctly

because generally when the client see an ip in in diifrent network it will send the packet to its defualt gateway which in ur case should be the ASA

good luck

122
Views
0
Helpful
4
Replies