cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
241
Views
0
Helpful
2
Replies

NAT error message

mulhollandm
Level 1
Level 1

folks

i have an internet facing 2600 router in front of a 515 pix cluster

the 2600 nats incoming traffic from ANY host to an internet routable address (destination port 25) and routes it to an internal mail server

i can see the translation table and the nat is working ok

the pix receives the inbound traffic to a specific host on a dmz interface and should apply an acl which allows ANY host to connect to the internal address

however, the pix is complaining with the following error

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-2-106001: Inbound TCP connection denied from 213.b.b.b/2746 to 145.c.c.c/25 flags SYN on interface outside

Mar 26 16:21:59 145.a.a.a Mar 26 2008 14:29:46 Clar-PIX-1 : %PIX-3-305005: No translation group found for tcp src outside:213.b.b.b/2746 dst dmz:145.c.c.c/25

can anyone give me a clue or an idea of what the problem is?

thanks to anyone taking the time to reply

2 Replies 2

johnd2310
Level 8
Level 8

hi,

you need to configure nat and statics on the pix. If the pix is not doing any address translation then set NAT0.

Thanks

John

**Please rate posts you find helpful**

john

many thanks for your reply

i have a nat for the specific internal host as follows

static (dmz,outside) 145.c.c.c 145.c.c.c netmask 255.255.255.255 0

i also have following

nat (dmz) 1 0.0.0.0 0.0.0.0 0 0

thanks for your help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: