NAT error message

Unanswered Question
Mar 26th, 2008

folks

i have an internet facing 2600 router in front of a 515 pix cluster

the 2600 nats incoming traffic from ANY host to an internet routable address (destination port 25) and routes it to an internal mail server

i can see the translation table and the nat is working ok

the pix receives the inbound traffic to a specific host on a dmz interface and should apply an acl which allows ANY host to connect to the internal address

however, the pix is complaining with the following error

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-2-106001: Inbound TCP connection denied from 213.b.b.b/2746 to 145.c.c.c/25 flags SYN on interface outside

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-3-305005: No translation group found for tcp src outside:213.b.b.b/2746 dst dmz:145.c.c.c/25

can anyone give me a clue or an idea of what the problem is?

thanks to anyone taking the time to reply

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
johnd2310 Wed, 03/26/2008 - 14:24

hi,

you need to configure nat and statics on the pix. If the pix is not doing any address translation then set NAT0.

Thanks

John

mulhollandm Wed, 03/26/2008 - 14:32

john

many thanks for your reply

i have a nat for the specific internal host as follows

static (dmz,outside) 145.c.c.c 145.c.c.c netmask 255.255.255.255 0

i also have following

nat (dmz) 1 0.0.0.0 0.0.0.0 0 0

thanks for your help

Actions

This Discussion