Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static Port Redirection on Pix 515E 6.3(5)

Dear All,

I am working on a 515e with the following interfaces:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security4

nameif ethernet3 webside security6

nameif ethernet4 backweb security8

nameif ethernet5 bakweb_domino security7

I have a windows box with on the inside, and another windows box with on the dmz, both with a tftp client.

I have configured the following static port redirection:

static (dmz,inside) udp tftp tftp netmask

In this way the tftp request from the inside network .130 to .133 are redirected to I have also configured a:

nat (inside) 0

to exclude the .130 from traslation.

It works from the inside to dmz, but from dmz to it do not work, I have just added an acl to permit the traffic.

On the pix log i got the following message:

%PIX-3-305005: No translation group found for udp src dmz: dst inside:


Best regards,



Re: Static Port Redirection on Pix 515E 6.3(5)

You need a translation anytime you go from a lower security interface to a higher one.

static (inside,dmz) netmask

Hope that helps

New Member

Re: Static Port Redirection on Pix 515E 6.3(5)

Many thanks for your reply.

I think you are right, but my porpouse is that when the reply to, its src address should be traslated to

I have just tryed to configure an outside nat on dmz interface:

nat(dmz) 2 outside

global (inside) 2

It works, but I lost all the other traslation on the webside interface.

What di you think ?