LU allocate xlate failed

fzctotti0925

I have two ASA5510 firewalls


Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 6.4(9)

Compiled on Thu 14-Jun-12 11:20 by builders
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"

 

failover mode is A/S

The standby firewall always shows these logs

Apr 18 2014 16:21:53: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:38: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:22:53: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:23:38: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:24:08: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:24:23: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:25:39: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:26:24: %ASA-3-210007: LU allocate xlate failed
Apr 18 2014 16:27:09: %ASA-3-210007: LU allocate xlate failed

Datacenter's ASA5520 has the same problem

I don't know the reason why

Marvin Rhoads

Assuming you have sufficient free memory (the primary cause for this issue)...

There is one old bug that manifests this problem but it should not appear on your 8.4 code.

One other possibility is an overlap between static NAT and NAT exemption configurations. Please double check your configuration for that condition.

I'm sorry I did not reply immediately!

I have checked the memory.

The result shows me that both the primary and the secondary have enough memory

Primary firewall

JP-FW# sh memory
Free memory:         754458944 bytes (70%)
Used memory:         319282880 bytes (30%)
-------------     ------------------
Total memory:       1073741824 bytes (100%)

Secondary firewall

JP-FW# sh memory
Free memory:         763603096 bytes (71%)
Used memory:         310138728 bytes (29%)
-------------     ------------------
Total memory:       1073741824 bytes (100%)

I have a VPN configuration, so I use static NAT and NAT exemption at the same time.

But I don't know whether they overlap or not.

The following is my configuration:

Static NAT

object network 70.77
 nat (inside,outside) static 82.100 service tcp www www
object network 70.80
 nat (inside,outside) static 82.100 service tcp 2302 2302
object network 70.80_3306
 nat (inside,outside) static 82.100 service tcp 3306 3306

--------------------------------------------------------------------------------------------------------------------------

OBJECT

object network local-lan
 subnet 10.192.64.0 255.255.248.0
object network ssl
 subnet 10.10.10.0 255.255.255.0
object network narita
 subnet 10.192.72.0 255.255.248.0
object network asakusa
 subnet 10.192.1.0 255.255.255.0
object network nogedaira
 subnet 10.192.128.0 255.255.255.0
object network hangyou
 subnet 192.168.0.0 255.255.0.0

-------------------------------------------------------------------------------------------------------------------------

NAT EXEMPTION

nat (inside,outside) source static local-lan local-lan destination static ssl ssl
nat (inside,outside) source static local-lan local-lan destination static narita narita
nat (inside,outside) source static local-lan local-lan destination static asakusa asakusa
nat (inside,outside) source static local-lan local-lan destination static hangyou hangyou
nat (inside,outside) source static local-lan local-lan destination static nogedaira nogedaira

 

Your NAT statements appear to be in order.

If you have a support contract, I would recommend opening a TAC case for resolution.

OK, I'll try to find the contract and open a TAC case.

Thank you!
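
A Python check for the condition Marvin Rhoads suggests reviewing, added here as an example and not part of the original thread or any Cisco tool. It assumes "overlap" means an object (static) NAT whose real address falls inside the source of an identity twice-NAT (exemption) rule; the sample configuration, object names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in ASA 8.3+ syntax; object names and addresses are made up.
SAMPLE_CONFIG = """\
object network web-srv
 host 10.0.1.10
 nat (inside,outside) static 203.0.113.10 service tcp www www
object network db-srv
 host 172.16.5.20
 nat (inside,outside) static 203.0.113.10 service tcp 3306 3306
object network lan
 subnet 10.0.0.0 255.255.248.0
object network branch
 subnet 10.9.0.0 255.255.255.0
nat (inside,outside) source static lan lan destination static branch branch
"""

TWICE_NAT = re.compile(r"nat \(\S+,\S+\) source static (\S+) (\S+)"
                       r"(?: destination static (\S+) \S+)?")

def parse(config):
    """Return (object -> network, objects carrying object NAT, identity rules)."""
    nets, object_nat, exempt, current = {}, [], [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["object", "network"] and len(tok) == 3:
            current = tok[2]
        elif line[0] == " " and current:
            if tok[0] == "host":
                nets[current] = ipaddress.ip_network(tok[1] + "/32")
            elif tok[0] == "subnet":
                nets[current] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            elif tok[0] == "nat" and "static" in tok:
                object_nat.append(current)
        else:
            current = None
            m = TWICE_NAT.match(line)
            if m and m.group(1) == m.group(2):  # real == mapped: identity NAT
                exempt.append((m.group(1), m.group(3)))
    return nets, object_nat, exempt

def find_overlaps(config):
    """List (object NAT name, exemption source, exemption destination) to review."""
    nets, object_nat, exempt = parse(config)
    return [(name, src, dst) for name in object_nat for src, dst in exempt
            if name in nets and src in nets and nets[name].overlaps(nets[src])]
```

A hit is a rule pair to review by hand, not proof of a misconfiguration. Objects whose `host` or `subnet` line is missing from the input are skipped.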
