NAT error message

Unanswered Question
Mar 26th, 2008
User Badges:

folks


i have an internet facing 2600 router in front of a 515 pix cluster


the 2600 nats incoming traffic from ANY host to an internet routable address (destination port 25) and routes it to an internal mail server


i can see the translation table and the nat is working ok


the pix receives the inbound traffic to a specific host on a dmz interface and should apply an acl which allows ANY host to connect to the internal address


however, the pix is complaining with the following error


Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-2-106001: Inbound TCP connection denied from 213.b.b.b/2746 to 145.c.c.c/25 flags SYN on interface outside


Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-3-305005: No translation group found for tcp src outside:213.b.b.b/2746 dst dmz:145.c.c.c/25


can anyone give me a clue or an idea of what the problem is?


thanks to anyone taking the time to reply



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
johnd2310 Wed, 03/26/2008 - 14:24
User Badges:
  • Silver, 250 points or more

hi,


you need to configure nat and statics on the pix. If the pix is not doing any address translation then set NAT0.


Thanks

John

mulhollandm Wed, 03/26/2008 - 14:32
User Badges:

john


many thanks for your reply


i have a nat for the specific internal host as follows


static (dmz,outside) 145.c.c.c 145.c.c.c netmask 255.255.255.255 0


i also have following


nat (dmz) 1 0.0.0.0 0.0.0.0 0 0


thanks for your help


Actions

This Discussion