https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719459#M537225 <HTML><HEAD></HEAD><BODY><P>"nat (c_dmz) 0 0.0.0.0 0.0.0.0 0 0" command only works for outbound connection, ie: from high to low security level.</P><P></P><P>Since you would like to pass traffic from c_dmz (security level 0) to inside (security level 100), ie: from low to high security level, then you would need the following command:</P><P></P><P>static (inside,c_dmz) 195.244.192.166 195.244.192.166 netmask 255.255.255.255</P><P>static (inside,c_dmz) 195.244.192.16 195.244.192.16 netmask 255.255.255.255</P><P></P><P>Hope that helps.</P></BODY></HTML> Mon, 27 Jun 2011 12:18:02 GMT Jennifer Halim 2011-06-27T12:18:02Z https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719458#M537223 <P>Error message</P><P>305005: No translation group found for udp src c_dmz:10.0.176.120/51910 dst inside:195.244.192.16/53</P><P>305005: No translation group found for udp src c_dmz:10.0.176.120/51910 dst inside:195.244.192.166/53</P><P></P><P>Config</P><P>:</P><P>PIX Version 6.3(4)</P><P></P><P>nameif ethernet0 c_dmz security0</P><P>nameif ethernet1 g_dmz security25</P><P>nameif ethernet2 inside security100</P><P></P><P>access-list acl-c_dmz permit udp host 10.0.176.120 host 195.244.192.166 eq domain</P><P>access-list acl-c_dmz permit udp host 10.0.176.120 host 195.244.192.16 eq domain</P><P></P><P>ip address c_dmz 10.0.176.1 255.255.255.0</P><P>ip address g_dmz 10.0.172.1 255.255.255.0</P><P>ip address inside 10.0.232.1 255.255.255.0</P><P></P><P>nat (c_dmz) 0 0.0.0.0 0.0.0.0 0 0</P><P>nat (inside) 0 0.0.0.0 0.0.0.0 0 0</P><P></P><P>static (inside,c_dmz) 10.0.232.0 10.0.232.0 netmask 255.255.255.0 0 0</P><P>static (inside,_dmz) 10.0.232.0 10.0.232.0 netmask 255.255.255.0 0 0</P><P>static (g_dmz,c_dmz) 10.0.172.0 10.0.172 netmask 255.255.255.0 0 0</P><P>static (c_dmz,inside) 10.0.176.0 10.0.176.0 netmask 255.255.255.0 0 0</P><P>access-group acl-c_dmz in interface c_dmz</P><P>access-group acl-g_dmz in interface g_dmz</P><P></P><P>Issue</P><P>Servers are trying to access 2 DNS servers via the inside interface.</P><P>There is no outside interface, default route is via inside interface.</P><P></P><P>I thought it needed a nat (c_dmz) command but I got the following error message </P><P></P><P>PIX(config)# nat (c_dmz) 0 0.0.0.0 0.0.0.0 0 0</P><P>nat 0 0.0.0.0 will be identity translated for outbound</P><P>WARNING:&nbsp; Binding inside nat statement to outermost interface.</P><P>WARNING:&nbsp; Keyword "outside" is probably missing.</P><P></P><P>Any idea where I am going wrong?</P> Mon, 11 Mar 2019 20:51:14 GMT https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719458#M537223 JIM T 2019-03-11T20:51:14Z https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719459#M537225 <HTML><HEAD></HEAD><BODY><P>"nat (c_dmz) 0 0.0.0.0 0.0.0.0 0 0" command only works for outbound connection, ie: from high to low security level.</P><P></P><P>Since you would like to pass traffic from c_dmz (security level 0) to inside (security level 100), ie: from low to high security level, then you would need the following command:</P><P></P><P>static (inside,c_dmz) 195.244.192.166 195.244.192.166 netmask 255.255.255.255</P><P>static (inside,c_dmz) 195.244.192.16 195.244.192.16 netmask 255.255.255.255</P><P></P><P>Hope that helps.</P></BODY></HTML> Mon, 27 Jun 2011 12:18:02 GMT https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719459#M537225 Jennifer Halim 2011-06-27T12:18:02Z https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719460#M537227 <HTML><HEAD></HEAD><BODY><P>That worked a treat. Thanks.</P></BODY></HTML> Mon, 04 Jul 2011 13:43:21 GMT https://community.cisco.com/t5/network-security/error-305005-no-translation-group-found/m-p/1719460#M537227 JIM T 2011-07-04T13:43:21Z