Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Doubt about Nat0

Hi,

I am receiving following message in my syslog server related to PIX 525 IOS version 7.2

PIX-3-305005: No translation group found for udp src outside:10.3.210.155/57156 dst inside:svhm-dc1/53

The traffic 10.3.210.155 is outside the PIX interface and svhm-dc1 is behind the inside interface. I have nat0 rule for inside the subnet (svhm-dc1) so that it will send the traffic as it is without natting. But as per syslog description I need to do nat0 on 10.3.210.155 which is outside the pix interface. I would like to know how solve this configuration error issue.

Cheers,

siva

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Doubt about Nat0

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

3 REPLIES
Silver

Re: Doubt about Nat0

Have you an access-list accordingly?

Can you give me your configuration?

It should be like this....Ex

static (inside,outside) udp interface 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any interface outside eq 137

access-group outside2inside in interface outside

OR

static (inside,outside) udp PUBLICIP 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any host PUBLICIP eq 137

access-group outside2inside in interface outside

Thanks,

Dharmesh Putohiy

Community Member

Re: Doubt about Nat0

Hi Dharmesh,

My config is 1400 lines. So I can't send that. But here I have pasted the access-group which has corresponding access list.

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

nat (inside) 0 access-list inside_nat0_acl

host svhm-dc1 is sitting behind PIX inside interface and host 10.3.210.155 is sitting outside the PIX interface and I am using NAT0 for inside interface to communication with 10.3.210.155.

Let me know whether this information is enough or not.

Cheers,

siva

Community Member

Re: Doubt about Nat0

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

125
Views
0
Helpful
3
Replies
CreatePlease to create content