Can't figure out error in Cisco ASA log "regular translation creation failed for icmp ..."

Posted by Martijn Heemels on Server Fault
Published on 2010-03-25T16:49:43Z


Every few seconds our new Cisco ASA 5505 firewall is logging errors that I can't figure out with my limited Cisco experience.

Severity Date        Time        Syslog ID Source IP  Destination IP  Description
3       Mar 25 2010 17:21:14    305006    8.8.8.8                    regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.8.8 (type 3, code 3)
3       Mar 25 2010 17:18:37    305006    8.8.4.4                    regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.4.4 (type 3, code 3)

The logged inside IP is our internal DNS resolver, and the outside IPs are Google's public DNS servers. ICMP Type 3 Code 3 means "Port Unreachable".

Our "outside" interface has a fixed IP and our "inside" interface is in the 10.10.0.0/16 subnet.

The 'Inspect DNS' Service Policy is enabled, with the preset DNS inspection map. Furthermore there's an ACL that allows all inbound ICMP on the "outside" interface.

I've spent hours trying to figure this one out, so any and all advice is welcome!
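
For triaging a log full of these entries, the following added example (not part of the original post) parses the description text of syslog ID 305006 as quoted above and groups the hits by inside host and ICMP type/code. The function names and the third sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# ICMP type 3 (Destination Unreachable) codes from RFC 792 / RFC 1122.
UNREACH_CODES = {0: "Net Unreachable", 1: "Host Unreachable",
                 2: "Protocol Unreachable", 3: "Port Unreachable",
                 4: "Fragmentation Needed",
                 13: "Communication Administratively Prohibited"}

# Description text of syslog ID 305006, in the form shown in the post.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PATTERN = re.compile(
    r"regular translation creation failed for icmp "
    rf"src (?P<src_if>[^:\s]+):(?P<src>{IPV4}) "
    rf"dst (?P<dst_if>[^:\s]+):(?P<dst>{IPV4}) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)")

def parse_305006(line):
    """Return the fields of one 305006 ICMP entry, or None if no match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["type"], rec["code"] = int(rec["type"]), int(rec["code"])
    return rec

def icmp_name(icmp_type, code):
    """Readable name for the ICMP type/code pair (type 3 is decoded)."""
    if icmp_type == 3:
        return "Destination Unreachable / " + UNREACH_CODES.get(code, f"code {code}")
    return f"type {icmp_type}, code {code}"

def summarize(lines):
    """Group matching entries by (interface, source IP, ICMP meaning)."""
    groups = defaultdict(lambda: {"count": 0, "destinations": set()})
    for line in lines:
        rec = parse_305006(line)
        if rec is None:
            continue  # not a 305006 ICMP entry
        key = (rec["src_if"], rec["src"], icmp_name(rec["type"], rec["code"]))
        groups[key]["count"] += 1
        groups[key]["destinations"].add(rec["dst"])
    return dict(groups)

SAMPLE = [  # first two lines are from the post; the third is constructed
    "3 Mar 25 2010 17:21:14 305006 8.8.8.8 regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.8.8 (type 3, code 3)",
    "3 Mar 25 2010 17:18:37 305006 8.8.4.4 regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.4.4 (type 3, code 3)",
    "6 Mar 25 2010 17:19:02 000000 constructed line that is not a 305006 entry",
]
if __name__ == "__main__":
    for (iface, src, meaning), g in summarize(SAMPLE).items():
        print(f"{iface}:{src} {meaning} x{g['count']} -> {sorted(g['destinations'])}")
```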
