NAT error message

Unanswered Question
Mar 26th, 2008
User Badges:


i have an internet facing 2600 router in front of a 515 pix cluster

the 2600 nats incoming traffic from ANY host to an internet routable address (destination port 25) and routes it to an internal mail server

i can see the translation table and the nat is working ok

the pix receives the inbound traffic to a specific host on a dmz interface and should apply an acl which allows ANY host to connect to the internal address

however, the pix is complaining with the following error

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-2-106001: Inbound TCP connection denied from 213.b.b.b/2746 to 145.c.c.c/25 flags SYN on interface outside

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-3-305005: No translation group found for tcp src outside:213.b.b.b/2746 dst dmz:145.c.c.c/25

can anyone give me a clue or an idea of what the problem is?

thanks to anyone taking the time to reply

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johnd2310 Wed, 03/26/2008 - 14:24
User Badges:
  • Silver, 250 points or more


you need to configure nat and statics on the pix. If the pix is not doing any address translation then set NAT0.



mulhollandm Wed, 03/26/2008 - 14:32
User Badges:


many thanks for your reply

i have a nat for the specific internal host as follows

static (dmz,outside) 145.c.c.c 145.c.c.c netmask 0

i also have following

nat (dmz) 1 0 0

thanks for your help


This Discussion