NAT problem when upgrading from 6.1 to 6.3.3

vmonte · ‎02-27-2004

hi,

I've upgraded from a 6.1 (UL) to 6.3.3 (UL) and i'am having problem with dynamic NAT and also PAT : nothing is working (pix sends syslog message like "unable to create translation for xxxxxxx).

The same configuration is working well on 6.1 without problems.

Does anybody having the same problem ?

here is a copy of the nat commands :

global (outside) 1 62.23.181.123

global (outside) 2 62.23.181.122

nat (inside) 1 172.17.66.0 255.255.255.0 0 0

nat (inside) 1 172.20.0.0 255.255.255.0 0 0

nat (dmz1) 2 CALYPSO 255.255.255.255 0 0

thanks in advance

nkhawaja · ‎02-29-2004

hi,

what is the translation address in the syslog message? do you have the syslog server setup?

if syslogging to the server is TCP based then you could have this issue.

Thanks

Nadeem

vmonte · ‎03-01-2004

Hi Nadeem,

We use standard UDP syslog (UDP 514)

Here is a sample of message received on it :

Feb 25 19:04:45 pix1 Feb 25 2004 19:03:58: %PIX-3-305006: portmap translation creation failed for tcp src inside:HYPERION/1776 dst outside:69.50.184.199/6667

Feb 25 19:12:46 pix1 Feb 25 2004 19:11:58: %PIX-3-305006: portmap translation creation failed for tcp src inside:HYPERION/1802 dst outside:69.50.184.199/6667

Feb 25 19:12:52 pix1 Feb 25 2004 19:12:05: %PIX-3-305006: portmap translation creation failed for tcp src inside:HYPERION/1802 dst outside:69.50.184.199/666

thanks

nkhawaja · ‎03-01-2004

Hi,

What does the "show xlat count" and "show conn count" says?

Thanks

Nadeem

vmonte · ‎03-04-2004

Hi,

sh xlate count shows nothing.

I've tried to copy once more the FOS 6.3.3 and has nothing change

So i've decided to clear the flashfs (even if it's written to use only when downgrade).

And after that, all seems to work fine.

Is it possible to have a problem when upgrading the FOS because of some parts of info kept in flash which interfere with some functions of the PIX ?

thanks