Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX-3-305006: regular translation creation failed

I am trying to configure an address translation on my PIX 515, I have a number of these configured and can't see why this particular one is failing with the message :

%PIX-3-305006: regular translation creation failed for tcp src inside:[testmachine] dst DMZ:[targethost]

The documentation I have seen suggests this is because I am trying to create a translation rule relating to a network address not a host address ?, but this isn't the case when I look at the config :

static (DMZ,inside) [targethost] [hostsDMZaddress] netmask 255.255.255.255 0 0

All other translation statements relate to specific hosts except for 2 which relate to different subnets to the one this "problem" host is on.

Any ideas ?

4 REPLIES
New Member

Re: PIX-3-305006: regular translation creation failed

Hi,

I believe you need to re-order your NAT statement:

static (inside,DMZ) [targethost] [testmachine] netmask 255.255.255.255

Regards,

New Member

Re: PIX-3-305006: regular translation creation failed

Thanks for your reply. I have probably complicated things by removing the actual IP addresses, but what I am trying to achieve is :

[hostsDMZAddress] = actual IP address or server on DMZ

[targethost] = "translated" address for server on DMZ to be presented on internal network

[testmachine] = any client machine connecting to server on DMZ

So I want to be able to connect from [testmachine] (on internal) to [hostsDMZaddress] (on DMZ) via the IP address [targethost]

I thought I could achieve this by creating a static translation for [hostsDMZaddress] to [targethost]. Do I need to another (maybe dynamic) translation for the client machines([testmachine] being an example client) ?

New Member

Re: PIX-3-305006: regular translation creation failed

try the following

static (DMZ,Inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

where 192.168.1.0 is the real IP address of the dmz network, mind that will show the DMZ network to the inside network.

let me know if it helped

New Member

Re: PIX-3-305006: regular translation creation failed

For clarity, assuming:

hostdmzaddress = 192.168.3.1

targethost = 172.31.3.1

test machine (client) = 172.31.3.2

Can you please tell me which interface belongs to the inside, outside. what security level is given to the interfaces.

Regards,

646
Views
0
Helpful
4
Replies
CreatePlease to create content