Can't figure out error in Cisco ASA log "regular translation creation failed for icmp ..."
Posted
by Martijn Heemels
on Server Fault
See other posts from Server Fault
or by Martijn Heemels
Published on 2010-03-25T16:49:43Z
Indexed on
2010/03/25
16:53 UTC
Read the original article
Hit count: 777
Every few seconds our new Cisco ASA 5505 firewall is logging errors that I can't figure out with my limited Cisco experience.
Severity Date Time Syslog ID Source IP Destination IP Description
3 Mar 25 2010 17:21:14 305006 8.8.8.8 regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.8.8 (type 3, code 3)
3 Mar 25 2010 17:18:37 305006 8.8.4.4 regular translation creation failed for icmp src inside:10.10.0.200 dst outside:8.8.4.4 (type 3, code 3)
The logged inside IP is our internal DNS resolver, and the outside IP's are Google's public DNS servers. ICMP Type 3 Code 3 means "Port Unreachable"
Our "outside" interface has a fixed IP and our "inside" interface is in the 10.10.0.0/16 subnet.
The 'Inspect DNS' Service Policy is enabled, with the preset DNS inspection map. Furthermore there's an ACL that allows all inbound ICMP on the "outside" interface.
I've spent hours trying to figure this one out, so any and all advice is welcome!
© Server Fault or respective owner