No translation group found

Unanswered Question
Mar 3rd, 2007

Hi. I am getting these over and over. Any ideas?

3|Mar 02 2007 14:42:36|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.103/3052

3|Mar 02 2007 14:42:35|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.106/3052

3|Mar 02 2007 14:42:35|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.101/3052

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
zulqurnain Sun, 03/04/2007 - 01:34

hello,

could you tell us more as what are you trying to do when you recevie this message on syslog.

HTH,

netsec123 Sun, 03/04/2007 - 02:07

Hi. I am not doing anything with syslog. This is the message that comes up on the ASDM display from the ASA5520 unit.

kaachary Sun, 03/04/2007 - 05:17

Hi,

This means you do not have a NAT rule defined for traffic from a inside host 172.22.1.176 to go to DMZ host 192.168.1.101.

You need to chekc the natting.

*Please rate if helped.

-Kanishka

netsec123 Sun, 03/04/2007 - 08:10

Hi Kanishka. I'm sorry. I am SO confused. :( Here is my NAT list - it would appear I do have that NAT but this is sloppy - I know... Any suggestions would be GREATLY GREATLY appreciated!!!

nat-control

global (outside) 1 interface

global (dmz) 1 interface

global (dmz2) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 172.22.1.0 255.255.255.0

nat (inside) 1 172.22.5.0 255.255.255.0

nat (inside) 1 172.22.6.0 255.255.255.0

nat (inside) 1 172.22.7.0 255.255.255.0

nat (inside) 1 172.22.8.0 255.255.255.0

nat (inside) 1 172.22.9.0 255.255.255.0

nat (inside) 1 172.22.10.0 255.255.255.0

nat (inside) 1 172.22.11.0 255.255.255.0

nat (inside) 1 172.22.12.0 255.255.255.0

nat (inside) 1 172.22.13.0 255.255.255.0

nat (inside) 1 172.22.69.0 255.255.255.0

nat (inside) 1 172.22.200.0 255.255.255.0

nat (inside) 1 172.22.210.0 255.255.255.0

nat (inside) 1 192.168.250.0 255.255.255.0

nat (dmz) 1 192.168.1.0 255.255.255.0 tcp 144 200

nat (dmz2) 1 192.168.2.0 255.255.255.0

static (dmz,outside) 65.209.73.135 192.168.1.102 netmask 255.255.255.255

static (dmz,outside) 65.209.73.163 192.168.1.101 netmask 255.255.255.255

static (dmz,outside) 65.209.73.164 192.168.1.103 netmask 255.255.255.255

static (dmz,outside) 65.209.73.165 192.168.1.106 netmask 255.255.255.255

static (dmz,outside) 65.209.73.190 192.168.1.111 netmask 255.255.255.255

static (inside,outside) 65.209.73.162 172.22.1.153 netmask 255.255.255.255

static (inside,outside) 65.209.73.188 172.22.1.152 netmask 255.255.255.255

static (inside,dmz) 192.168.1.150 172.22.1.150 netmask 255.255.255.255

static (inside,dmz) 192.168.1.110 172.22.1.110 netmask 255.255.255.255

static (inside,dmz2) 192.168.2.150 172.22.1.150 netmask 255.255.255.255

static (inside,dmz2) 192.168.2.110 172.22.1.110 netmask 255.255.255.255

static (dmz2,dmz) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (inside,outside) 65.209.73.166 172.22.1.103 netmask 255.255.255.255

static (dmz,outside) 65.209.73.167 192.168.1.107 netmask 255.255.255.255

static (inside,dmz2) 172.22.1.0 172.22.1.0 netmask 255.255.255.0

static (dmz,outside) 65.209.73.175 192.168.1.164 netmask 255.255.255.255

static (dmz,outside) 65.209.73.134 192.168.1.165 netmask 255.255.255.255

static (inside,outside) 65.209.73.137 172.22.13.100 netmask 255.255.255.255

static (dmz,outside) 65.209.73.169 192.168.1.105 netmask 255.255.255.255

static (dmz,outside) 65.209.73.168 192.168.1.108 netmask 255.255.255.255

static (dmz,outside) 65.209.73.171 192.168.1.104 netmask 255.255.255.255

static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0

static (dmz,inside) 65.209.73.165 192.168.1.106 netmask 255.255.255.255

static (dmz,inside) 65.209.73.163 192.168.1.101 netmask 255.255.255.255

static (dmz,inside) 65.209.73.164 192.168.1.103 netmask 255.255.255.255

static (dmz,inside) 65.209.73.190 192.168.1.111 netmask 255.255.255.255

static (dmz,inside) 65.209.73.167 192.168.1.107 netmask 255.255.255.255

static (dmz,inside) 65.209.73.169 192.168.1.105 netmask 255.255.255.255

static (dmz,inside) 65.209.73.168 192.168.1.108 netmask 255.255.255.255

static (inside,outside) 65.209.73.136 172.22.1.1 netmask 255.255.255.255

static (dmz,outside) 65.209.73.129 192.168.1.109 netmask 255.255.255.255

hackworth.kenny Sun, 03/04/2007 - 09:32

I believe the quick fix would be:

access-list inside_dmz_nat0 permit ip 172.22.0.0 255.255.0.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list inside_dmz_nat0

nat (dmz) 0 access-list inside_dmz_nat0

This should build the xlate slot between your dmz and inside interfaces.

NAT0 any acl to build the xlate from higher security to lower security.

This should work for you.

netsec123 Sun, 03/04/2007 - 09:48

This is what I mean about my configuration being sloppy....

INFO: Outside address overlap with static NAT configuration

suschoud Mon, 03/05/2007 - 07:29

issue the command " cl xlate " and see if that resolves the issue.

you do have the translation rules defined but there seem to be some stale entry in the translation table which is causing this.

let us know how it goes.

kaachary Mon, 03/05/2007 - 07:36

The nat 0 rules defined would help you in this case. Regarding the warning message :

INFO: Outside address overlap with static NAT configuration

you can ignore it, as its just an Informational Message, and would appear whenever you define a NAT 0 rule for the interfaces, where you already have static defined.

In other words, you can just ignore it :)

-Kanishka

netsec123 Mon, 03/05/2007 - 07:56

THANK YOU BOTH SO MUCH!! I will be trying this, this evening. :) I will certainly let you know the results... :)

suschoud Thu, 03/08/2007 - 09:29

i guess dj is asking whether " cl xlate " resolved the issue or nat 0 with an access-list resolved it...??

i am eager too to know whether it was mine or kanishka's suggestion which resolved this.

:)

Regards,

Sushil

Here is error message and run nat.

ASA-3-305005: No translation group found for udp src inside:loop-syd/18552 dst inside:10.1.1.187/24664

spasa01/pri/act# sh run nat

nat (dmz2) 0 access-list dmz-nova_nat0_outbound

nat (dmz2) 4 srv-nova-web-server 255.255.255.255

nat (dmz2) 22 srv-sydexpress-ol-reports 255.255.255.255

nat (dmz2) 3 srv-sam-certification 255.255.255.255

nat (dmz4) 0 access-list dmz-nortel_nat0_outbound

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 4 net-auckland 255.255.255.0

nat (inside) 1 10.12.139.0 255.255.255.0

nat (inside) 1 10.12.140.0 255.255.255.0 tcp 0 10000

nat (inside) 1 net-ultimo-data-centre 255.255.254.0

nat (dmz3) 0 access-list dmz-rsa_nat0_outbound

nat (dmz3) 1 srv-rsa 255.255.255.255

regards, DJ

Correction.

Here is error message and run nat.

ASA-3-305005: No translation group found for udp src inside:loop-syd/18552 dst inside:10.12.139.187/24664

spasa01/pri/act# sh run nat

nat (dmz2) 0 access-list dmz-nova_nat0_outbound

nat (dmz2) 4 srv-nova-web-server 255.255.255.255

nat (dmz2) 22 srv-sydexpress-ol-reports 255.255.255.255

nat (dmz2) 3 srv-sam-certification 255.255.255.255

nat (dmz4) 0 access-list dmz-nortel_nat0_outbound

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 4 net-auckland 255.255.255.0

nat (inside) 1 10.12.139.0 255.255.255.0

nat (inside) 1 10.12.140.0 255.255.255.0 tcp 0 10000

nat (inside) 1 net-ultimo-data-centre 255.255.254.0

nat (dmz3) 0 access-list dmz-rsa_nat0_outbound

nat (dmz3) 1 srv-rsa 255.255.255.255

regards, DJ

Actions

This Discussion