I have an ASA 5540 & I'm trying to allow an outside IP through the ASA & into another firewall's DMZ on the inside interface.
The external IP is 145.a.b.c/32 & the internal DMZ address is 194.a.b.c.
I have a NAT exempt rule allowing 145.a.b.c/32 to talk to 194.a.b.c using inbound traffic, but I get a "no translation group found".
The firewall's external interface is directly connected to 145.a.b.c and it has a route via its inside interface to 194.a.b.c.
I can see the access rule incrementing and I can see a packet capture showing the source address trying to get to the destination address on the outside interface where the traffic arrives.
There is nothing from the packet capture showing traffic leaving the external interface.
Anyone any ideas?
Thanks to anyone taking the time to respond or post a reply.
NAT exemption with an ACL is bidirectional by default - provided you apply that on the higher security interface.
You did what I had suggested, which was to apply nat 0 on the inside or dmz interface with an acl.
Earlier you had provided exemption for the host 145.a.b.c that lived on the outside. That is incorrect.
nat (Outside) 0 access-list Outside_nat0_outbound_1 outside
access-list Outside_nat0_outbound_1 extended permit ip host 145.a.b.c host 194.a.b.c
This firewall probably logged no translation group messages.
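
The arrangement the reply describes, written out as an added example in the same pre-8.3 syntax (not part of the original thread). The ACL name `inside_nat0_outbound` and the test ports are assumptions, `inside` is assumed to be the nameif of the higher-security interface facing 194.a.b.c, and `a.b.c` are the thread's redacted octets.

```cisco
! Remove the exemption that was applied on the lower-security (Outside) interface
no nat (Outside) 0 access-list Outside_nat0_outbound_1 outside

! Exempt on the higher-security interface instead.
! The ACL is written from the inside/DMZ host's point of view (source = 194.a.b.c);
! the exemption then covers the flow in both directions.
access-list inside_nat0_outbound extended permit ip host 194.a.b.c host 145.a.b.c
nat (inside) 0 access-list inside_nat0_outbound

! Verify: trace a constructed inbound packet and check which NAT phase it matches
! (source port 1025 and destination port 80 are sample values)
packet-tracer input Outside tcp 145.a.b.c 1025 194.a.b.c 80
```

The interface access rule permitting 145.a.b.c to reach 194.a.b.c is still required on the Outside interface; the exemption only decides whether the address is translated.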