cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1103
Views
0
Helpful
19
Replies

No translation group found

netsec123
Level 1
Level 1

Hi. I am getting these over and over. Any ideas?

3|Mar 02 2007 14:42:36|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.103/3052

3|Mar 02 2007 14:42:35|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.106/3052

3|Mar 02 2007 14:42:35|305005: No translation group found for udp src inside:172.22.1.176/32817 dst dmz:192.168.1.101/3052

19 Replies 19

zulqurnain
Level 3
Level 3

hello,

could you tell us more as what are you trying to do when you recevie this message on syslog.

HTH,

Hi. I am not doing anything with syslog. This is the message that comes up on the ASDM display from the ASA5520 unit.

kaachary
Cisco Employee
Cisco Employee

Hi,

This means you do not have a NAT rule defined for traffic from a inside host 172.22.1.176 to go to DMZ host 192.168.1.101.

You need to chekc the natting.

*Please rate if helped.

-Kanishka

Hi Kanishka. I'm sorry. I am SO confused. :( Here is my NAT list - it would appear I do have that NAT but this is sloppy - I know... Any suggestions would be GREATLY GREATLY appreciated!!!

nat-control

global (outside) 1 interface

global (dmz) 1 interface

global (dmz2) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 172.22.1.0 255.255.255.0

nat (inside) 1 172.22.5.0 255.255.255.0

nat (inside) 1 172.22.6.0 255.255.255.0

nat (inside) 1 172.22.7.0 255.255.255.0

nat (inside) 1 172.22.8.0 255.255.255.0

nat (inside) 1 172.22.9.0 255.255.255.0

nat (inside) 1 172.22.10.0 255.255.255.0

nat (inside) 1 172.22.11.0 255.255.255.0

nat (inside) 1 172.22.12.0 255.255.255.0

nat (inside) 1 172.22.13.0 255.255.255.0

nat (inside) 1 172.22.69.0 255.255.255.0

nat (inside) 1 172.22.200.0 255.255.255.0

nat (inside) 1 172.22.210.0 255.255.255.0

nat (inside) 1 192.168.250.0 255.255.255.0

nat (dmz) 1 192.168.1.0 255.255.255.0 tcp 144 200

nat (dmz2) 1 192.168.2.0 255.255.255.0

static (dmz,outside) 65.209.73.135 192.168.1.102 netmask 255.255.255.255

static (dmz,outside) 65.209.73.163 192.168.1.101 netmask 255.255.255.255

static (dmz,outside) 65.209.73.164 192.168.1.103 netmask 255.255.255.255

static (dmz,outside) 65.209.73.165 192.168.1.106 netmask 255.255.255.255

static (dmz,outside) 65.209.73.190 192.168.1.111 netmask 255.255.255.255

static (inside,outside) 65.209.73.162 172.22.1.153 netmask 255.255.255.255

static (inside,outside) 65.209.73.188 172.22.1.152 netmask 255.255.255.255

static (inside,dmz) 192.168.1.150 172.22.1.150 netmask 255.255.255.255

static (inside,dmz) 192.168.1.110 172.22.1.110 netmask 255.255.255.255

static (inside,dmz2) 192.168.2.150 172.22.1.150 netmask 255.255.255.255

static (inside,dmz2) 192.168.2.110 172.22.1.110 netmask 255.255.255.255

static (dmz2,dmz) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (inside,outside) 65.209.73.166 172.22.1.103 netmask 255.255.255.255

static (dmz,outside) 65.209.73.167 192.168.1.107 netmask 255.255.255.255

static (inside,dmz2) 172.22.1.0 172.22.1.0 netmask 255.255.255.0

static (dmz,outside) 65.209.73.175 192.168.1.164 netmask 255.255.255.255

static (dmz,outside) 65.209.73.134 192.168.1.165 netmask 255.255.255.255

static (inside,outside) 65.209.73.137 172.22.13.100 netmask 255.255.255.255

static (dmz,outside) 65.209.73.169 192.168.1.105 netmask 255.255.255.255

static (dmz,outside) 65.209.73.168 192.168.1.108 netmask 255.255.255.255

static (dmz,outside) 65.209.73.171 192.168.1.104 netmask 255.255.255.255

static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0

static (dmz,inside) 65.209.73.165 192.168.1.106 netmask 255.255.255.255

static (dmz,inside) 65.209.73.163 192.168.1.101 netmask 255.255.255.255

static (dmz,inside) 65.209.73.164 192.168.1.103 netmask 255.255.255.255

static (dmz,inside) 65.209.73.190 192.168.1.111 netmask 255.255.255.255

static (dmz,inside) 65.209.73.167 192.168.1.107 netmask 255.255.255.255

static (dmz,inside) 65.209.73.169 192.168.1.105 netmask 255.255.255.255

static (dmz,inside) 65.209.73.168 192.168.1.108 netmask 255.255.255.255

static (inside,outside) 65.209.73.136 172.22.1.1 netmask 255.255.255.255

static (dmz,outside) 65.209.73.129 192.168.1.109 netmask 255.255.255.255

I believe the quick fix would be:

access-list inside_dmz_nat0 permit ip 172.22.0.0 255.255.0.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list inside_dmz_nat0

nat (dmz) 0 access-list inside_dmz_nat0

This should build the xlate slot between your dmz and inside interfaces.

NAT0 any acl to build the xlate from higher security to lower security.

This should work for you.

I'm going to try that now...

This is what I mean about my configuration being sloppy....

INFO: Outside address overlap with static NAT configuration

issue the command " cl xlate " and see if that resolves the issue.

you do have the translation rules defined but there seem to be some stale entry in the translation table which is causing this.

let us know how it goes.

The nat 0 rules defined would help you in this case. Regarding the warning message :

INFO: Outside address overlap with static NAT configuration

you can ignore it, as its just an Informational Message, and would appear whenever you define a NAT 0 rule for the interfaces, where you already have static defined.

In other words, you can just ignore it :)

-Kanishka

THANK YOU BOTH SO MUCH!! I will be trying this, this evening. :) I will certainly let you know the results... :)

HEY, seems to have worked!!! THANK YOU SO MUCH!!!!

Hi,

So what was your last action to this issue?

Thanks, DJ

It worked!!!! Thanks!!!

i guess dj is asking whether " cl xlate " resolved the issue or nat 0 with an access-list resolved it...??

i am eager too to know whether it was mine or kanishka's suggestion which resolved this.

:)

Regards,

Sushil

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: