PIX-3-305006: regular translation creation failed

ajenks
Level 1

I am trying to configure an address translation on my PIX 515. I have a number of these configured and can't see why this particular one is failing with the message:

%PIX-3-305006: regular translation creation failed for tcp src inside:[testmachine] dst DMZ:[targethost]

The documentation I have seen suggests this is because I am trying to create a translation rule relating to a network address, not a host address, but this isn't the case when I look at the config:

static (DMZ,inside) [targethost] [hostsDMZaddress] netmask 255.255.255.255 0 0

All other translation statements relate to specific hosts except for 2 which relate to different subnets to the one this "problem" host is on.

Any ideas?

4 Replies

obynz
Level 1

Hi,

I believe you need to re-order your NAT statement:

static (inside,DMZ) [targethost] [testmachine] netmask 255.255.255.255

Regards,

Thanks for your reply. I have probably complicated things by removing the actual IP addresses, but what I am trying to achieve is:

[hostsDMZAddress] = actual IP address of server on DMZ

[targethost] = "translated" address for server on DMZ to be presented on internal network

[testmachine] = any client machine connecting to server on DMZ

So I want to be able to connect from [testmachine] (on internal) to [hostsDMZaddress] (on DMZ) via the IP address [targethost].

I thought I could achieve this by creating a static translation for [hostsDMZaddress] to [targethost]. Do I need another (maybe dynamic) translation for the client machines ([testmachine] being an example client)?

Try the following:

static (DMZ,Inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

where 192.168.1.0 is the real IP address of the DMZ network. Mind that this will show the DMZ network to the inside network.

Let me know if it helped.

For clarity, assuming:

hostdmzaddress = 192.168.3.1

targethost = 172.31.3.1

test machine (client) = 172.31.3.2

Can you please tell me which interface belongs to the inside, outside? What security level is given to the interfaces?

Regards,