Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX, Vlans and two outside interfaces

Hi,

My ISP currently suppies me two VLANs over ethernet, one tagged and one untagged. Until now, I've not used the tagged one.

On a PIX 515E, IOS 6.3, I have created a vlan interface mapped to ethernet0 and called it outsidetwo with security 1. ethernet0 has the role of outside with security 0.

I'm having problems with the NAT translations. I have set up a static translation between the new outsidetwo interface and my DMZ:

global (outside) 1 interface

global (DMZ) 1 interface

global (outsidetwo) 1 interface

static (DMZ,outsidetwo) W.X.Y.Z 192.168.50.100 netmask 255.255.255.255 0 0

However, I get the following error when sending traffic from 192.168.50.100:

No translation group found for udp src DMZ:192.168.50.100/32768 dst outside:SOTA_Secondary_DNS/53

The default route is specified as:

route outside 0.0.0.0 0.0.0.0 X.X.X.X 1

I suspect the error is caused because the PIX wants to route the outgoing traffic via the outside interface and as such can not find a valid translation rule.

Is there any way I can specify two outside interfaces, so traffic listed as being NATted to outsidetwo will go out this VLAN interface and other traffic will go out outside (the untagged vlan interface)?

Any other way I can get this to work, with essentially two outside interfaces?

2 REPLIES
Green

Re: PIX, Vlans and two outside interfaces

What if you add...

nat (DMZ) 1 192.168.50.100 255.255.255.255

Cisco Employee

Re: PIX, Vlans and two outside interfaces

You must be receiving the error %PIX-3-305005:No translation group found for udp..

This is because you are missing the translation rule when you are trying to go outside

So add

nat (dmz) 1 0 0

The above statement would provide the nat rules for source that originates from inside and tries to access anything on outside Interface

104
Views
0
Helpful
2
Replies