No translation table?

sjamison — Fri, 21 Feb 2020 09:23:08 GMT

This is a weird one to me. Looks like there is a certain pecking order to how the PIX handles requests when it comes to VPN's.

2007-01-24 11:44:19 Local4.Error 10.200.89.1 Jan 24 2007 11:44:20: %PIX-3-305005: No translation group found for tcp src newoutside:10.40.10.14/1070 dst DMZ:10.200.84.15/80

The 10.40.10.x network is at a remote site, that VPN's back to the PIX. The server they are trying to reach is in the DMZ. There is a static translation on the PIX:

static (DMZ,newoutside) 159.87.xx.xx 10.200.84.15 netmask 255.255.255.255

They are doing DNS querries to our inhouse DNS box. So it is pointing them into the DMZ for this IP if they were to goto the box. If they looked up the name outside of our network then it would be the public IP, but you cant get to the public IP from the inside. They have to have DNS access to our servers for lookups, so how exactly do you get around this?

Re: No translation table?

5220 — Thu, 25 Jan 2007 09:51:59 GMT

Hi,

So, if you want the 10.40.10.x users to connecto the DMZ through the VPN using the private ip of the server, then you need a NAT 0 statement for this traffic.

access-list nonat permit ip 10.40.10.0 255.255.255.0 host 10.200.84.15

nat ("interface") 0 access-list nonat

Please rate if this helped.

Regards,

Daniel

topic Re: No translation table? in Network Security

No translation table?

Re: No translation table?