Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

asa 5540 and nat


Whe have a ASA with three interfaces:

One outside with adresses 193.55.96.X

One DMZ with addresses 192.168.59.X

One inside with addresses 172.36.253.X

Our nat translation are :

on DMZ interface

static 192.168.59.XX any outside 193.55.96.XX


on inside interface

static 172.36.253.XX any outside 193.55.96.XX


We add another nat rule and all goes wrong (We do not know if it is the cause)

Here are our logs :

Dec 18 15:33:05 Dec 18 2007 15:31:29: %ASA-3-305005: No translation group found for icmp src DMZ: dst inside: (type 8

Dec 18 15:33:09 Dec 18 2007 15:31:31: %ASA-3-305005: No translation group found for tcp src DMZ: dst inside:

and many other like there (all from dmz to inside)

The rule that we believe we have written:

on inside interface

static 172.36.253.XX 194.26.53.XX (ip address of a computer outside our network) outside 193.55.96.XX

We erase the rule but the problem continued.

Machines on the inside don't respond to ping.

There is no nat beetween DMZ and inside

What can generate this problem (nat configuration error, system problem)?

Thank you for your help


Re: asa 5540 and nat

static (inside,DMZ) netmask