asa 5540 and nat

Unanswered Question
Jan 3rd, 2008

Hi

Whe have a ASA with three interfaces:

One outside with adresses 193.55.96.X

One DMZ with addresses 192.168.59.X

One inside with addresses 172.36.253.X

Our nat translation are :

on DMZ interface

static 192.168.59.XX any outside 193.55.96.XX

....

on inside interface

static 172.36.253.XX any outside 193.55.96.XX

...

We add another nat rule and all goes wrong (We do not know if it is the cause)

Here are our logs :

Dec 18 15:33:05 193.55.86.108 Dec 18 2007 15:31:29: %ASA-3-305005: No translation group found for icmp src DMZ:192.168.59.4 dst inside:172.36.253.113 (type 8

Dec 18 15:33:09 193.55.86.108 Dec 18 2007 15:31:31: %ASA-3-305005: No translation group found for tcp src DMZ:192.168.59.3/48607 dst inside:172.36.253.21/520

and many other like there (all from dmz to inside)

The rule that we believe we have written:

on inside interface

static 172.36.253.XX 194.26.53.XX (ip address of a computer outside our network) outside 193.55.96.XX

We erase the rule but the problem continued.

Machines on the inside don't respond to ping.

There is no nat beetween DMZ and inside

What can generate this problem (nat configuration error, system problem)?

Thank you for your help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Thu, 01/03/2008 - 07:24

static (inside,DMZ) 172.36.253.0 172.36.253.0 netmask 255.255.255.0

Actions

This Discussion