NAT issue routing internet traffic inside.

Eric Hooten — Tue, 12 Mar 2019 02:24:52 GMT

This issue has been resolved by using Nat (inside) 0 0.0.0.0 0.0.0.0 and removing the static nats. 8/14/2013

I have been tasked with sending internet traffic 80,443, & ftp through the inside interface of this firewall. Internet traffic was originally routed through the outside interface as in a normal environment but now it needs to be sent through the inside interface. The route statement is in place and static nat is being used to keep the original address when passing through the inside interface. An ACL is in place to allow the traffic from the lower security to higher. Unfortunately the configuration is not working correctly and I don’t have the opportunity to resolve the issue with trial and error. It is an environment that is run through strict change control so I need to get it right during the short change window.

I get the following message in the log

"PIX-3-305005: No translation group found for tcp src Internal_Servers:10.38.166.76/3088 dst inside:74.125.225.232/80"

By using capture statements I can see the traffic pass through the lower security interface but I never see it make it through the inside interface. The PIX is running 6.3 software so there is no packet tracer to help with trouble shooting any assistance would be greatly appreciated. Please the excerpts from the firewall configuration below.

PIX 525 Info.

Cisco PIX Firewall Version 6.3(3)

ip address outside xxx.136.24.86 255.255.255.240
ip address inside 10.38.166.1 255.255.255.240
ip address HANCloud 10.55.3.1 255.255.252.0
ip address Public_Servers 10.38.166.17 255.255.255.240
ip address Internal_Servers 10.38.166.68 255.255.255.240
!

global (outside) 5 interface
global (outside) 100 xxx.136.24.94 netmask 255.255.255.255
global (HANCloud) 10 10.55.4.50
nat (inside) 10 10.38.57.27 255.255.255.255 0 0
nat (inside) 10 10.38.68.106 255.255.255.255 0 0
nat (inside) 10 10.38.68.196 255.255.255.255 0 0
nat (inside) 10 10.38.68.230 255.255.255.255 0 0
nat (inside) 10 10.38.128.162 255.255.255.255 0 0
nat (inside) 10 10.38.248.221 255.255.255.255 0 0
nat (inside) 10 10.38.54.0 255.255.255.0 0 0
nat (inside) 10 10.38.156.0 255.255.255.0 0 0
nat (inside) 100 10.38.166.0 255.255.255.0 0 0
nat (inside) 5 0.0.0.0 0.0.0.0 0 0
nat (Public_Servers) 5 0.0.0.0 0.0.0.0 0 0
nat (Internal_Servers) 5 0.0.0.0 0.0.0.0 0 0
!

static (Internal_Servers,inside) 10.38.166.65 10.38.166.65 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.66 10.38.166.66 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.67 10.38.166.67 netmask 255.255.255.255 0 0

static (Internal_Servers,inside) 10.38.166.68 10.38.166.68 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.69 10.38.166.69 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.70 10.38.166.70 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.71 10.38.166.71 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.72 10.38.166.72 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.73 10.38.166.73 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.74 10.38.166.74 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.75 10.38.166.75 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.76 10.38.166.76 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.77 10.38.166.77 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.78 10.38.166.78 netmask 255.255.255.255 0 0
static (Internal_Servers,inside) 10.38.166.79 10.38.166.79 netmask 255.255.255.255 0 0
!

object-group service Internet_Services tcp
description Services for Internet Access
port-object eq www
port-object eq https
port-object eq ftp
!

access-list IntServ_to_Inside permit tcp 10.38.166.64 255.255.255.240 any object-group Internet_Services
!

access-group IntServ_to_Inside in interface Internal_Servers
!

route inside 0.0.0.0 0.0.0.0 10.38.166.4 1
!

NAT issue routing internet traffic inside.

Julio Carvajal — Tue, 13 Aug 2013 03:52:27 GMT

Hello Eric,

Basically there is no translation found for that traffic,

global (inside) 5 interface

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

topic NAT issue routing internet traffic inside. in Network Security

NAT issue routing internet traffic inside.

NAT issue routing internet traffic inside.