[c-nsp] PIX translation issue

Eric Helm helmwork at ruraltel.net
Wed Feb 23 09:01:08 EST 2005


On this PIX setup, there are 3 interfaces: outside, inside, dmz.
All networks are not using NAT.
I'm having an issue where a host on the dmz cannot access a host on the inside 
interface, unless the host on the inside network initiates the 
communication first. Once this initial communication is established, 
then the 2 hosts have no issues until the dmz host is rebooted.
I notice a particular entry in the PIX syslog when the dmz host attempts 
to communicate with the inside host:
Error Message    %PIX-3-305005: No translation group found for protocol src
interface_name:dest_address/dest_port dst
interface_name:source_address/source_port

Below is a partial config:
nat (inside) 0 1.1.1.0 255.255.255.128 0 0
nat (dmz) 0 2.2.2.0 255.255.255.224 0 0
static (inside,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.128 0 0
static (dmz,outside) 2.2.2.0 2.2.2.0 netmask 255.255.255.224 0 0


