%PIX-3-305005 (x1): No translation group found for protocol src interface_name:dest_address/dest_port
Explanation: A packet does not match any of the outbound nat command rules.
Recommended Action: This message indicates a configuration error. If dynamic
NAT is desired for the source host, ensure that the nat command matches the source
IP address. If static NAT is desired for the source host, ensure that the local
IP address of the static command matches. If no NAT is desired for the source
host, check the ACL bound to the NAT 0 ACL.
I dont think you can log VPN drops/reconnects on the PIX ( someone will correct me if I'm wrong).
IF you need to know when a VPN is down, setup a Monitor server that sends ICMP down the other head of the tunnels from your headoffice and that can report to you when a tunnel has dropped and re established.
Problem is at my data center the pipe coming to my rack goes to a small none managed network HUB then to my pix it goes to the network hub 1st b/c we have 1 drop that is redundant from the DC. so i have 2 cat5 cables that are handed down to my rack.
that plug into the hub, from the hub to my pix 506. e0 of course. i need to know by logging if the pix is dropping connection... if its not then its the hub. I am trying to isolate the problem to the pix are the hub.
for instanse last night at 306am all 9 of my VPN's dropped connection and were back online at 307am. so what hiccuped the pix are the hub. by using logs i should be able to tell if the pix had a error and reset are hicupped.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...