Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to troubleshoot ASA 5500 for nat when getting error message PIX-3-305005: No translation group found for protocol src interface_name:dest_address/dest_port dst nterface_name:source_address/source_port "

Core issue

The error message occurs when the outbound packet does not match any of the translation rule.

When Adaptive Security Appliance (ASA) replaces PIX, connectivity to the Internet through the device is lost.

When ever the outbound packet leaves Firewall there has to be a translation rule that suggest whether the source ip be preserved or natted, in absence of this rule Pix generates the error message

For more information, refer to the 305005 section of System Log Messages.

Resolution

To resolve the problem, ensure that all the translation entries in the configuration are correct.

Translate the inside source IP address with the help of Network Address Translation (NAT) or Port Address Translation (PAT) when the Internet is accessed. Use these commands in the global configuration mode:

  • nat

    The nat command helps to identify addresses on one interface that are translated to mapped addresses on another interface.
     
  • global

    The global command creates a pool of mapped addresses for NAT.

Use the Identity NAT feature (which uses the nat 0 command) when the source IP address must not be translated into any other IP address.

Use the NAT Exemption feature (which uses the nat id access-list command) to allow both translated and remote hosts to initiate connections.

Refer to Port Redirection(Forwarding) with nat, global, static and access-list Commands for more information on PAT and NAT commands.

Product Family

ASA Hardware & Software

ASA Models

ASA 5500

PIX Syslogs

PIX-3-305005: No translation group found for <protocol> src <interface>:<IP_addr>/<port> dst <int_name>:<IP_addr>/<port>

1747
Views
0
Helpful
0
Comments