Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX to Netscreen vLAN setup

I have a Netscreen25 and a PIX 501 with an unusual setup. Here's how it looks.



Cisco 2600 Outside routable address

| Inside address


Netscreen Outside address Port 1

| Port 3 Inside address

| to 192.168.1.x


|Port 2


Pix Outside address

| Inside address


The 172.16.0 addresses can ping 192.168.1.x addresses

but that is it the Pix monitor says:

305005:No translation group found for icmp src inside dst outside: (type 8 code 0)

Trying to ping Google. Looks like a routing error of some kind. What is a translation group?


Cisco Employee

Re: PIX to Netscreen vLAN setup

The PIX has to create a translation for all traffic passing through it. It does this with the nat/global and static configuration commands. Basically for any traffic to pass from a higher security interface to a lower (inside to outside), the PIX needs to create a translation for it and to do that it needs to either have a static command or a nat/global pair for the two interfaces.

If you can ping then it means that you probably have a nat/global something like:

> nat (inside) 1

> global (outside) 1 interface

or something similar. I'm a little confused as to why you're getting this message then because your other traffic is also going from the inside to the outside interface, so it should use the same nat/global.

If you could post your config it would be easy to see where the problem lies, xxxx out your passwords though.

CreatePlease login to create content