Core issue
The error message occurs when the outbound packet does not match any of the translation rule.
When Adaptive Security Appliance (ASA) replaces PIX, connectivity to the Internet through the device is lost.
When ever the outbound packet leaves Firewall there has to be a translation rule that suggest whether the source ip be preserved or natted, in absence of this rule Pix generates the error message
For more information, refer to the 305005 section of System Log Messages.
Resolution
To resolve the problem, ensure that all the translation entries in the configuration are correct.
Translate the inside source IP address with the help of Network Address Translation (NAT) or Port Address Translation (PAT) when the Internet is accessed. Use these commands in the global configuration mode:
- nat
The nat command helps to identify addresses on one interface that are translated to mapped addresses on another interface.
- global
The global command creates a pool of mapped addresses for NAT.
Use the Identity NAT feature (which uses the nat 0 command) when the source IP address must not be translated into any other IP address.
Use the NAT Exemption feature (which uses the nat id access-list command) to allow both translated and remote hosts to initiate connections.
Refer to Port Redirection(Forwarding) with nat, global, static and access-list Commands for more information on PAT and NAT commands.
Product Family
ASA Hardware & Software
ASA Models
ASA 5500
PIX Syslogs
PIX-3-305005: No translation group found for <protocol> src <interface>:<IP_addr>/<port> dst <int_name>:<IP_addr>/<port>