Re: PIX 6.2 Syslog MEssages

vikrantarora · ‎05-30-2003

I have copied the following ERROR messages collected by the syslog utility for pix 6.2.

I keep geeting them on a non-stop basis. Please help me interpret and rectify them.

May 29 2003 20:40:42: %PIX-3-305005: No translation group found for udp src outside:217.36.40.213/3038 dst inside:204.142.89.158/1434

May 29 2003 20:40:42: %PIX-3-305005: No translation group found for tcp src outside:63.139.133.200/2620 dst inside:198.138.22.134/445

Thanks!

r.vanwolferen · ‎05-30-2003

Hello,

This is the answer from Cisco:

%PIX-3-305005 (x1): No translation group found for .

Explanation: An outbound packet does not match any of the outbound nat rules.

Recommended Action: This message signals a configuration error. If dynamic NAT is desired for the source host, ensure that the nat command matches the source IP address. If static NAT is desired for the source host, ensure that the local IP address of the static command matches. If no NAT is desired for the source host, check the access-list bound to the nat 0 access-list.

I hope this is an answer to you

Greetings,

Rene

vikrantarora · ‎05-30-2003

I am not able to follow your point very well. I am new to cisco and would appreciate some elaboration.

I have the following:

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

nat (dmz:2) 0 0.0.0.0 0.0.0.0 0 0

And I do not have a nat 0 access-list.

yizhar · ‎05-30-2003

HI.

Because the sources are from outsides, and the ports are common ports for attackes, It seems to me more like a "normal" port scan from external hosts, rather then a configuration error at your side.

Since these attempts are blocks, I don't think that you need to do much about it, unless you have some problem.

Yizhar