02-10-2009 01:23 AM - edited 03-11-2019 07:48 AM
Hi all,
I am getting %PIX-3-305005: No translation group found for icmp src error in my sys log server.I am trying to access some inside servers from outside network.
Any idea wr to start....
Thanks in advance
Regard's
Prabath
02-10-2009 01:37 AM
02-10-2009 01:41 AM
I tried all this options
static (outside,inside) 172.16.0.0 172.16.0.0 netmask 255.255.255.0
and
nat(outside) 0 172.16.0.0 255.255.255.0
still its not working
i am getting this error
%PIX-3-305005: No translation group found for icmp src outside:172.16.31.50 dst inside:192.168.1.15 (type 8, code 0)
all access-list also ther....
02-10-2009 02:46 AM
Hi,
You have to nat inside on outside...
For example, if you have an internal inside network 192.168.1.0/24:
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
I hope this helps.
Best regards.
Massimiliano.
02-10-2009 04:50 AM
Hi,
thanks for y r reply.but i am using no-nat (nat 0 ) for 192.168.1.0 network.then why should i go for static.Only one is wnough ryt..?
Note : my requirement is i wanna to give access from 172.16.31.0 (outside) network to 192.168.1.0 (inside ) network.
Plz have my config attached and guide me in correct direction...i already lost myself...
02-10-2009 05:11 AM
If you want to access to host on inside network you must use static.
If you can remove nat0 and try with:
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Let me know.
Massimiliano.
02-10-2009 05:20 AM
thanks for u r reply...
I will try that next mrg and let you know..
Regard's
Prabath
02-10-2009 06:12 AM
Hi,
Be careful if you are in a production network.
If you remove and/or insert the command nat0 or static you could experience loss of connections.
I hope this helps.
Best regards.
Massimiliano.
02-11-2009 03:02 AM
Hi,
Yes i am in production network but yesterday i tried with the commeand
static (inside,outside) 192.168.0.0 .168.0.0 255.255.252.0 0 0
but still there is no progress.But everything else is work working fine only the outside network to inside access is not happening.when i am trying to ping from outside to inside server i will get the nat translation error msg.
thanks
prabhath
02-12-2009 02:58 AM
Hi all,
Still i am facing the problem..Any more update......?????????????????????????????
I have attached my config..Plz have a look at that and plz point me where i was wrong....!!!
Regard's
Prabath
05-19-2009 10:32 AM
Your post is old, but this may help someone else
I think thay is not a good idea to put more than one "nat (inside) 0" command.
The best way is to use an access-list.
Cisco TAC solve my NAT problem changing:
nat (inside) 0
to a identity nat with an access-list
no nat (inside) 0 172.26.3.12 255.255.255.252 0 0
no nat (inside) 0 172.26.1.0 255.255.255.248 0 0
no nat (inside) 0 172.26.0.0 255.255.255.0 0 0
no nat (inside) 0 192.168.0.0 255.255.252.0 0 0
access-list noNATinside extended permit ip 172.26.3.12 255.255.255.252 any
access-list noNATinside extended permit ip 172.26.1.0 255.255.255.248 any
access-list noNATinside extended permit ip 172.26.0.0 255.255.255.0 any
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 any
nat (inside) 0 access-list noNATinside
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide