Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix 515 (7.0(2) ) - No translation group found

I have the following config:

global (outside) 2 CLIENTA_NAT_ADDRESS

nat (CLIENTA) 2 0.0.0.0 0.0.0.0

Where '0' indicates all networks - Yet for some reason, one of the Subnets connected to the CLIENTA VLAN was generating the following error:

No translation group found for udp src CLIENTA:10.51.1.18/50336 dst outside:dns_server/53

So I added:

nat (CLIENTA) 2 10.51.1.0 255.255.255.0

Which resolved the problem...just wondering why I need to add specific subnets to the nat statement(Rather than just having 0.0.0.0)?

2 REPLIES

Re: Pix 515 (7.0(2) ) - No translation group found

Hi .. the error appears when a packet destined to the outside does not match any translation instructions. or when the traslation slots have been exhausted. In your situation thoses packest should be translated accordingly .. and so perhaps is the PIX not clearing out the xlate entries and leaving the no available free slots for more translations ... there was some issue in previous versions causing this behaviour .. however I am not aware of the same thing happening on version 7. You could perhaps reduce the time out of your xlate translation from the defaulf of 3 hrs.

timeout xlate

I hope it helps ... please rate it if it does !!!

New Member

Re: Pix 515 (7.0(2) ) - No translation group found

There is virtually no traffic going through this pix...and show xlate is telling me there is currently only 8 in use, with a max of 1052.

If I remove the "nat (CLIENTA) 2 10.51.1.0 255.255.255.0", the pix starts generating the "No translation group found for udp src CLIENTA.." errors again...so with only 8 xlate's in use, I don't think it is due to no free translation slots.

299
Views
0
Helpful
2
Replies
CreatePlease to create content