I have a PIX 535 running
Cisco PIX Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
The problem I am getting is that servers in my DMZ that do not have a static NAT statement attached to them get the error code "%PIX-3-305005: No translation group found" when trying to get to the Internet. I have a NAT 0 access list assigning the non-static NAT servers to the NAT 0 pool (NAT exempt).
So I am at a loss now. Anyone with an idea would help, thanks.
It's OK to use exempt NAT and connect to hosts on their real IP addresses internally, but you need a NAT statement for connecting to the Internet, something like the following:
nat (DMZ) 1 0 0
global (outside) 1 interface
Please post your config if the above suggestion does not help.
Ah, the hosts have got public IPs already. Assuming that they are publicly routable, try adding the following:
access-list dmz_nat0_outbound extended permit ip 184.108.40.206 255.255.255.0 any
Thanks, will have to wait until Monday to test. The server manager (has left the building) will get back with you.
OK then. If you apply the above suggestion, hosts will appear on the Internet with their own IPs.
If you type "nat (dmz) 1 0 0" instead, DMZ hosts will connect to the Internet via the PATed IP address of the outside interface.
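Added example (not part of the thread and not Cisco code): a Python model of the outbound translation lookup discussed above, showing whether a DMZ source is NAT-exempt, statically translated, PATed through a nat/global pair, or left with no translation (the %PIX-3-305005 case). It assumes nat-control is enabled, parses only the command forms quoted in this thread, and uses constructed documentation-range addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config; addresses are documentation ranges, not the thread's.
SAMPLE_CONFIG = """\
access-list dmz_nat0_outbound extended permit ip 198.51.100.0 255.255.255.0 any
nat (dmz) 0 access-list dmz_nat0_outbound
static (dmz,outside) 203.0.113.10 192.0.2.10 netmask 255.255.255.255
nat (inside) 1 0 0
global (outside) 1 interface
"""

def _net(addr, mask):
    # PIX accepts "0 0" as shorthand for 0.0.0.0 0.0.0.0
    addr, mask = ("0.0.0.0" if t == "0" else t for t in (addr, mask))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect only the rule forms used in this thread (a deliberate simplification)."""
    r = {"acl": {}, "exempt": [], "static": [], "nat": [], "global": set()}
    for line in config.splitlines():
        t = line.split()
        ifc = t[1].strip("()").lower() if len(t) > 1 else ""
        if re.match(r"access-list \S+ extended permit ip \S+ \S+ any$", line):
            r["acl"].setdefault(t[1], []).append(_net(t[5], t[6]))
        elif re.match(r"nat \(\S+\) 0 access-list \S+$", line):
            r["exempt"].append((ifc, t[4]))
        elif re.match(r"static \(\S+,\S+\) \S+ \S+ netmask \S+$", line):
            r["static"].append((*ifc.split(","), _net(t[3], t[5])))
        elif re.match(r"nat \(\S+\) [1-9]\d* [\d.]+ [\d.]+$", line):
            r["nat"].append((ifc, t[2], _net(t[3], t[4])))
        elif re.match(r"global \(\S+\) \d+ \S", line):
            r["global"].add((ifc, t[2]))
    return r

def translation_for(r, src_if, dst_if, src_ip):
    """Return 'exempt', 'static', 'dynamic', or None (no translation: 305005)."""
    ip = ipaddress.ip_address(src_ip)
    # Lookup order: NAT exemption, then static, then dynamic nat/global.
    for ifc, acl in r["exempt"]:
        if ifc == src_if and any(ip in n for n in r["acl"].get(acl, [])):
            return "exempt"
    for real_if, mapped_if, net in r["static"]:
        if (real_if, mapped_if) == (src_if, dst_if) and ip in net:
            return "static"
    for ifc, nat_id, net in r["nat"]:
        if ifc == src_if and ip in net and (dst_if, nat_id) in r["global"]:
            return "dynamic"
    return None
```

With the sample config, a DMZ host outside both the exempt ACL and the static entry returns None; appending "nat (dmz) 1 0 0" makes it "dynamic" while the static host still resolves to "static".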
Will this command "nat (dmz) 1 0 0" overwrite the static NAT statement already in place, or just dynamically NAT devices that do not have any static NAT?
That did work for the non-static machines.
But I am still having the problem with the machine that has 220.127.116.11.
This one has a static NAT to (outside) 18.104.22.168. There is an ACL on the outside interface that allows HTTP and HTTPS to come into the DMZ, and an ACL on the DMZ interface that allows all to go out. But they still can't hit the Internet.