Core issue

The error message occurs when the outbound packet does not match any of the translation rule.

When Adaptive Security Appliance (ASA) replaces PIX, connectivity to the Internet through the device is lost.

When ever the outbound packet leaves Firewall there has to be a translation rule that suggest whether the source ip be preserved or natted, in absence of this rule Pix generates the error message

For more information, refer to the 305005 section of System Log Messages.

Resolution

To resolve the problem, ensure that all the translation entries in the configuration are correct.

Translate the inside source IP address with the help of Network Address Translation (NAT) or Port Address Translation (PAT) when the Internet is accessed. Use these commands in the global configuration mode:

• nat
  
  The nat command helps to identify addresses on one interface that are translated to mapped addresses on another interface.
   
• global
  
  The global command creates a pool of mapped addresses for NAT.

Use the Identity NAT feature (which uses the nat 0 command) when the source IP address must not be translated into any other IP address.

Use the NAT Exemption feature (which uses the nat id access-list command) to allow both translated and remote hosts to initiate connections.

Refer to Port Redirection(Forwarding) with nat, global, static and access-list Commands for more information on PAT and NAT commands.

Product Family

ASA Hardware & Software

ASA Models

ASA 5500

PIX Syslogs

PIX-3-305005: No translation group found for <protocol> src <interface>:<IP_addr>/<port> dst <int_name>:<IP_addr>/<port>