[c-nsp] PIX translation issue
Timothy Arnold
tim at uksolutions.co.uk
Wed Feb 23 09:18:18 EST 2005
I thought that you would need a static (inside, dmz) as you are going
from a higher interface to lower interface? What about your
access-lists?
Cheers
Tim
On Wed, 2005-02-23 at 08:01 -0600, Eric Helm wrote:
> On this PIX setup, there are 3 interfaces: outside, inside, dmz.
> All networks are not using NAT.
> I'm having an issue where a host on the dmz cannot access a host on the inside
> interface, unless the host on the inside network initiates the
> communication first. Once this initial communication is established,
> then the 2 hosts have no issues until the dmz host is rebooted.
> I notice a particular entry in the PIX syslog when the dmz host attempts
> to communicate with the inside host:
> Error Message %PIX-3-305005: No translation group found for protocol src
> interface_name:dest_address/dest_port dst
> interface_name:source_address/source_port
>
> Below is a partial config:
> nat (inside) 0 1.1.1.0 255.255.255.128 0 0
> nat (dmz) 0 2.2.2.0 255.255.255.224 0 0
> static (inside,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.128 0 0
> static (dmz,outside) 2.2.2.0 2.2.2.0 netmask 255.255.255.224 0 0
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
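
The static and access-list raised in the reply above, written out as an added example that is not part of the original thread. It assumes PIX 6.x syntax and that dmz has a lower security level than inside; the subnets come from the posted config, while the host addresses, the TCP port and the ACL name dmz_in are constructed for illustration.

```cisco
: Added example (PIX 6.x). Lines starting with a colon are comments.
:
: As posted: identity NAT only. With nat 0 on a network, an xlate for an
: inside host is built when that host sends traffic out, so a new
: connection arriving from the dmz has no translation to match and the
: PIX logs %PIX-3-305005.
nat (inside) 0 1.1.1.0 255.255.255.128 0 0
:
: Added: a permanent identity translation of the inside subnet as seen
: from the dmz, so dmz-initiated connections have an xlate to use.
static (inside,dmz) 1.1.1.0 1.1.1.0 netmask 255.255.255.128 0 0
:
: A static alone does not admit traffic from a lower-security interface.
: Permit only the specific flow that is required (constructed hosts/port).
access-list dmz_in permit tcp host 2.2.2.10 host 1.1.1.10 eq 443
access-group dmz_in in interface dmz
:
: Rebuild translations so the new static takes effect, then verify.
: clear xlate drops existing translations and the connections using them.
clear xlate
show xlate
show access-list dmz_in
```

If an access-list is already bound to the dmz interface, add the permit entry to that list instead of binding a new one. A newly bound list ends in an implicit deny, so dmz-to-outside traffic that relied on the default behaviour needs its own permit entries.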