https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894693#M958723 <HTML><HEAD></HEAD><BODY><P>Since you need to go from an unsecure interface to a more secure interface, you need a NAT translation. Since you would like to 'route' between these two, you'll really be NATing all addresses.</P><P></P><P>static (inside,outside) 10.100.3.0 10.100.3.0 netmask 255.255.255.0</P><P></P><P>When the PIX sees a packet destined for 10.100.3.x on the outside interface, it will forward it to the inside interface with the same IP.</P><P></P><P>HTH and please rate.</P></BODY></HTML> Thu, 13 Dec 2007 18:55:45 GMT Collin Clark 2007-12-13T18:55:45Z https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894692#M958722 <P>Using a pix501, have servers on the outside interface that need to be able to access servers on the inside interface. I can ping from the inside out, but when attempting to ping from the outside in, getting a 305005: No translation group found for icmp src server2 dst inside:server1 (type 8, code0) message in the log. The inside network is 10.100.3.x and the outside is 10.25.143.x. I would really just like the pix to function more like a router with an acl in this situation since I need each side to see the real IP address of the other server. The translation rule nat (inside) 0 10.0.0.0 255.0.0.0 0 0 is working to allow traffic inside out, but any other rules I try adding result in a configuration error.</P> Wed, 13 Mar 2019 00:50:24 GMT https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894692#M958722 JJost 2019-03-13T00:50:24Z https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894693#M958723 <HTML><HEAD></HEAD><BODY><P>Since you need to go from an unsecure interface to a more secure interface, you need a NAT translation. Since you would like to 'route' between these two, you'll really be NATing all addresses.</P><P></P><P>static (inside,outside) 10.100.3.0 10.100.3.0 netmask 255.255.255.0</P><P></P><P>When the PIX sees a packet destined for 10.100.3.x on the outside interface, it will forward it to the inside interface with the same IP.</P><P></P><P>HTH and please rate.</P></BODY></HTML> Thu, 13 Dec 2007 18:55:45 GMT https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894693#M958723 Collin Clark 2007-12-13T18:55:45Z https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894694#M958724 <HTML><HEAD></HEAD><BODY><P>dont forget to allow inbound traffic using an ACL.</P><P>access-list outside_acl permit icmp any any </P><P>access-group outside_acl in interface outside</P></BODY></HTML> Thu, 13 Dec 2007 20:44:33 GMT https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894694#M958724 srue 2007-12-13T20:44:33Z https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894695#M958726 <HTML><HEAD></HEAD><BODY><P>I believe I already have both the necessary translation rule and acl's applied. What I just found out was once I ping from the inside server to the outside server, the outside server can then ping and communicate fine with the inside server. However, this only seems to last for so long before the outside to inside ping stops working, and then I have to ping from the inside out to jumpstart the connection. Is there a time out somewhere that can be adjusted so this doesn't happen?</P></BODY></HTML> Fri, 14 Dec 2007 12:59:53 GMT https://community.cisco.com/t5/network-security/having-trouble-nat-ing-outside-addresses-to-inside-network/m-p/894695#M958726 JJost 2007-12-14T12:59:53Z