cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
338
Views
0
Helpful
3
Replies

Doubt about Nat0

sivakumar.ks
Level 1
Level 1

Hi,

I am receiving following message in my syslog server related to PIX 525 IOS version 7.2

PIX-3-305005: No translation group found for udp src outside:10.3.210.155/57156 dst inside:svhm-dc1/53

The traffic 10.3.210.155 is outside the PIX interface and svhm-dc1 is behind the inside interface. I have nat0 rule for inside the subnet (svhm-dc1) so that it will send the traffic as it is without natting. But as per syslog description I need to do nat0 on 10.3.210.155 which is outside the pix interface. I would like to know how solve this configuration error issue.

Cheers,

siva

1 Accepted Solution

Accepted Solutions

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

View solution in original post

3 Replies 3

purohit_810
Level 5
Level 5

Have you an access-list accordingly?

Can you give me your configuration?

It should be like this....Ex

static (inside,outside) udp interface 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any interface outside eq 137

access-group outside2inside in interface outside

OR

static (inside,outside) udp PUBLICIP 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any host PUBLICIP eq 137

access-group outside2inside in interface outside

Thanks,

Dharmesh Putohiy

Hi Dharmesh,

My config is 1400 lines. So I can't send that. But here I have pasted the access-group which has corresponding access list.

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

nat (inside) 0 access-list inside_nat0_acl

host svhm-dc1 is sitting behind PIX inside interface and host 10.3.210.155 is sitting outside the PIX interface and I am using NAT0 for inside interface to communication with 10.3.210.155.

Let me know whether this information is enough or not.

Cheers,

siva

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: