02-29-2008 09:19 AM - edited 02-21-2020 01:55 AM
Hi,
i have an asa 5505 setup as a default router for my network inside address 192.168.32.254. I want to route traffic for 192.168.251.0 to a diffrent inside host 192.168.32.205
I included traffice from 192.168.32.0 to 192.168.251.0 in my nat exempt list
I have setup a route route inside 192.168.251.0 255.255.255.0 192.168.32.205
i get no translation group error for traffic from 192.168.32.x to 192.168.251.x
a packet trace gives me
packet-tracer input inside icmp 192.168.32.207 0 0 192.168.251.6
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.251.0 255.255.255.0 inside
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.32.0 255.255.255.0 inside
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list acl_no-nat
match ip inside 192.168.32.0 255.255.255.0 inside 192.168.251.0 255.255.255.0
NAT exempt
translate_hits = 1, untranslate_hits = 0
Additional Information:
Phase: 8
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 165, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 165, untranslate_hits = 0
Additional Information:
Phase: 10
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 165, untranslate_hits = 0
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Can sombody help me out with this ?
02-29-2008 12:14 PM
is the following command configured:
same-security-traffic permit intra-interface
03-03-2008 12:13 AM
yes same-security-traffic permit intra-interface is enabled
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: