Routing Problem

Jun 20th, 2007


I have got a Cisco PIX. One of the interface IP addresses on the PIX is, this PIX is connected to the core switch, which is a 3COM layer 3 switch. It has got 2 IP addresses & the default gateway IP address to this 3COM switch is

I had given a route to reach via, with this the PIX was able to ping, which is nothing but the IP address of the 3COM switch.

route inside


My PC IP address is, gateway is, with this I can't ping, whereas if I set my gateway IP address as, I am able to ping. No access-list, nothing, is configured on the 3COM or on the Cisco PIX for & network.

My question is, if the PIX is able to reach, then why can't my PC, which has the PIX IP address as its gateway, reach?

This is the log I get in the PIX

Jun 21 11:13:25 %PIX-3-106011: Deny inbound (No xlate) icmp src inside: dst inside: (type 8, code 0)

smothuku Thu, 06/21/2007 - 00:50

Hi Anand,

The meaning of the error is:

%PIX-3-106011: Deny inbound (No xlate) string

The message will appear under normal traffic conditions if there are internal users that are accessing the Internet via a web browser. Anytime a connection is reset, when the host at the end of the connection sends a packet after the firewall receives the reset, this message will appear. It can typically be ignored.

Recommended Action: Disable this syslog message from getting logged to the syslog server by entering the no logging message 106011 command.

Related documents- No specific documents apply to this error message.



Anand S Thu, 06/21/2007 - 01:39

Hi Satish,

You have just copied & pasted the log message, whatever was on the Cisco Output Interpreter. Well, even I know that & I have checked the same, but I am looking for a solution. You have just posted the last line; I am looking for the solution which was listed on top of the last lines.

amohabir1 Thu, 06/21/2007 - 08:01

Your default gateway should be the IP address on the VLAN of the switch.

Why did you make it the default gateway of the firewall??

Did you have a default route of on the layer 3 switch?

deveshkumar Fri, 06/22/2007 - 11:04

Hi Anand,

First of all, any traffic in the PIX will be allowed only if translation rules are specified, irrespective of ACLs. That means if you intend to make communication happen between two networks through the PIX without performing NAT, you still need to specify translation rules, which will be identity NAT (no NAT).

Second, by default ICMP is allowed only on the inside interface (exception: the PIX will be able to ping all connected networks).

Try this solution and then let me know, with your complete topology with VLANs etc.

access-list nonat permit ip

nat (inside) 0 nonat

Then check again and capture the log message.

If you give me complete knowledge of as said above, I'll be able to solve the issue. You can send me diag on [email protected]
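
The log line in the question names the same interface ("inside") as both source and destination. As an added example (not part of the thread and not Cisco's code), this Python sketch parses 106011 messages and tallies, per source host, those whose source and destination interface match, which is the pattern seen when a host sends the PIX traffic for a network that sits behind the interface it arrived on. All addresses in the sample are constructed from documentation ranges.

```python
import re
from collections import defaultdict

# Matches the body of a %PIX-3-106011 message as shown in the question:
#   Deny inbound (No xlate) <proto> src <if>:<ip>[/port] dst <if>:<ip>[/port]
PATTERN = re.compile(
    r"%PIX-3-106011: Deny inbound \(No xlate\) (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/\d+)?"
)

# Constructed sample lines; addresses are documentation ranges, not from the thread.
SAMPLE_LOG = """\
Jun 21 11:13:25 %PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.0.2.10 dst inside:198.51.100.1 (type 8, code 0)
Jun 21 11:13:26 %PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.0.2.10 dst inside:198.51.100.1 (type 8, code 0)
Jun 21 11:14:02 %PIX-3-106011: Deny inbound (No xlate) tcp src inside:192.0.2.22/1045 dst inside:198.51.100.7/80
Jun 21 11:15:40 %PIX-3-106011: Deny inbound (No xlate) tcp src outside:203.0.113.5/4431 dst inside:192.0.2.10/445
Jun 21 11:16:01 %PIX-6-302013: Built outbound TCP connection 12 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.0.2.22/1050 (192.0.2.22/1050)
"""

def same_interface_denials(log_text):
    """Return {(interface, src_ip): {dst_ip: count}} for 106011 lines
    whose source and destination interface are the same."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m is None or m["src_if"] != m["dst_if"]:
            continue  # other message id, or traffic crossing interfaces
        hits[(m["src_if"], m["src_ip"])][m["dst_ip"]] += 1
    return {k: dict(v) for k, v in hits.items()}

def report(log_text):
    """One line per source host, most denied packets first."""
    rows = sorted(same_interface_denials(log_text).items(),
                  key=lambda kv: -sum(kv[1].values()))
    return [f"{ip} on '{ifc}': {sum(d.values())} denied to {sorted(d)}"
            for (ifc, ip), d in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Hosts that appear in the report are candidates for a gateway check, as the reply about the switch VLAN address suggests.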

