portmap translation creation failed??

ewieczorek · ‎09-26-2002

Hello.

I've been monitoring my the syslog messages from my PIX and have noticed the following message appear several times...

portmap translation creation failed for udp src inside:xx.xx.xxx.xxx/3902 dst outside:24.169.241.51/53

What does this mean?

Thank you.

steve.barlow · ‎09-26-2002

Your internal PC tried to make a connection (DNS) to the outside but the translation failed. Could be due to internal error or config error. If that PC isn't supposed to make a DNS request, find out why it's doing it and stop it. If it is supposed to be allowed, post the message severity number (eg %PIX-6-305006), and make sure there is a NAT or static for it.

Steve

ewieczorek · ‎09-26-2002

The message severity number is %PIX-3-305006?

This internal PC is my Exchange 5.5 server.

Here is what I have for NAT and static.. Any help would be much appreciated. I'm new to this.

global (outside) 1 interface

nat (inside) 2 xx.xx.xxx.xxx 255.255.255.255 0 0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (dmz1) 1 172.16.10.0 255.255.255.0 0 0

static (inside,outside) tcp 24.123.123.210 smtp xx.xx.xxx.xxx smtp netmask

steve.barlow · ‎09-26-2002

Your exchange server only has a static NAT for port 25 (SMTP). So when your exchange server is trying to go out on port 53 (DNS), it fails due to no static mapping - ie the pix can't perform the translation as there is no rule. So, you have 2 choices:

1) static (inside,outside) 24.123.123.210 xx.xx.xxx.xxx smtp netmask (ie remove the tcp and smtp so it can go out on all ports)

2) Stop the exchange server from making DNS requests.

Hope it helps.

Steve

ewieczorek · ‎09-26-2002

That does help. Thanks for the info.