I tried all this options

static (outside,inside) 172.16.0.0 172.16.0.0 netmask 255.255.255.0

and

nat(outside) 0 172.16.0.0 255.255.255.0

still its not working

i am getting this error

%PIX-3-305005: No translation group found for icmp src outside:172.16.31.50 dst inside:192.168.1.15 (type 8, code 0)

all access-list also ther....

Hi,

You have to nat inside on outside...

For example, if you have an internal inside network 192.168.1.0/24:

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

I hope this helps.

Best regards.

Massimiliano.

Hi,

thanks for y r reply.but i am using no-nat (nat 0 ) for 192.168.1.0 network.then why should i go for static.Only one is wnough ryt..?

Note : my requirement is i wanna to give access from 172.16.31.0 (outside) network to 192.168.1.0 (inside ) network.

Plz have my config attached and guide me in correct direction...i already lost myself...

If you want to access to host on inside network you must use static.

If you can remove nat0 and try with:

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

Let me know.

Massimiliano.

thanks for u r reply...

I will try that next mrg and let you know..

Regard's

Prabath

Hi,

Be careful if you are in a production network.

If you remove and/or insert the command nat0 or static you could experience loss of connections.

I hope this helps.

Best regards.

Massimiliano.

Hi,

Yes i am in production network but yesterday i tried with the commeand

static (inside,outside) 192.168.0.0 .168.0.0 255.255.252.0 0 0

but still there is no progress.But everything else is work working fine only the outside network to inside access is not happening.when i am trying to ping from outside to inside server i will get the nat translation error msg.

thanks

prabhath

Hi all,

Still i am facing the problem..Any more update......?????????????????????????????

I have attached my config..Plz have a look at that and plz point me where i was wrong....!!!

Regard's

Prabath

Your post is old, but this may help someone else

I think thay is not a good idea to put more than one "nat (inside) 0" command.

The best way is to use an access-list.

Cisco TAC solve my NAT problem changing:

nat (inside) 0

to a identity nat with an access-list

no nat (inside) 0 172.26.3.12 255.255.255.252 0 0

no nat (inside) 0 172.26.1.0 255.255.255.248 0 0

no nat (inside) 0 172.26.0.0 255.255.255.0 0 0

no nat (inside) 0 192.168.0.0 255.255.252.0 0 0

access-list noNATinside extended permit ip 172.26.3.12 255.255.255.252 any

access-list noNATinside extended permit ip 172.26.1.0 255.255.255.248 any

access-list noNATinside extended permit ip 172.26.0.0 255.255.255.0 any

access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 any

nat (inside) 0 access-list noNATinside