Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

asa 5540 and nat

Hi

Whe have a ASA with three interfaces:

One outside with adresses 193.55.96.X

One DMZ with addresses 192.168.59.X

One inside with addresses 172.36.253.X

Our nat translation are :

on DMZ interface

static 192.168.59.XX any outside 193.55.96.XX

....

on inside interface

static 172.36.253.XX any outside 193.55.96.XX

...

We add another nat rule and all goes wrong (We do not know if it is the cause)

Here are our logs :

Dec 18 15:33:05 193.55.86.108 Dec 18 2007 15:31:29: %ASA-3-305005: No translation group found for icmp src DMZ:192.168.59.4 dst inside:172.36.253.113 (type 8

Dec 18 15:33:09 193.55.86.108 Dec 18 2007 15:31:31: %ASA-3-305005: No translation group found for tcp src DMZ:192.168.59.3/48607 dst inside:172.36.253.21/520

and many other like there (all from dmz to inside)

The rule that we believe we have written:

on inside interface

static 172.36.253.XX 194.26.53.XX (ip address of a computer outside our network) outside 193.55.96.XX

We erase the rule but the problem continued.

Machines on the inside don't respond to ping.

There is no nat beetween DMZ and inside

What can generate this problem (nat configuration error, system problem)?

Thank you for your help

1 REPLY
Green

Re: asa 5540 and nat

static (inside,DMZ) 172.36.253.0 172.36.253.0 netmask 255.255.255.0

185
Views
0
Helpful
1
Replies