asa 5540 and nat

Unanswered Question
Jan 3rd, 2008
User Badges:


Whe have a ASA with three interfaces:

One outside with adresses 193.55.96.X

One DMZ with addresses 192.168.59.X

One inside with addresses 172.36.253.X

Our nat translation are :

on DMZ interface

static 192.168.59.XX any outside 193.55.96.XX


on inside interface

static 172.36.253.XX any outside 193.55.96.XX


We add another nat rule and all goes wrong (We do not know if it is the cause)

Here are our logs :

Dec 18 15:33:05 Dec 18 2007 15:31:29: %ASA-3-305005: No translation group found for icmp src DMZ: dst inside: (type 8

Dec 18 15:33:09 Dec 18 2007 15:31:31: %ASA-3-305005: No translation group found for tcp src DMZ: dst inside:

and many other like there (all from dmz to inside)

The rule that we believe we have written:

on inside interface

static 172.36.253.XX 194.26.53.XX (ip address of a computer outside our network) outside 193.55.96.XX

We erase the rule but the problem continued.

Machines on the inside don't respond to ping.

There is no nat beetween DMZ and inside

What can generate this problem (nat configuration error, system problem)?

Thank you for your help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 01/03/2008 - 07:24
User Badges:
  • Green, 3000 points or more

static (inside,DMZ) netmask


This Discussion