07-17-2013 07:57 AM - edited 03-11-2019 07:13 PM
can someone please take a look at this and assist me ..
106001: Inbound TCP connection denied from 172.32.1.101/49171 to 192.168.0.6/3128 flags SYN on interface outside
305005: No translation group found for tcp src outside:172.32.1.101/49171 dst inside:192.168.0.6/3128
106001: Inbound TCP connection denied from 172.32.1.101/49171 to 192.168.0.6/3128 flags SYN on interface outside
305005: No translation group found for tcp src outside:172.32.1.101/49171 dst inside:192.168.0.6/3128
config
PIX Version 6.3(1)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit tcp any any eq https
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any host 192.168.0.6
access-list 101 permit udp any host 10.32.0.5 eq domain
ip address outside 172.32.1.1 255.255.255.0
ip address inside 10.3.0.3 255.255.0.0
global (outside) 2 interface
global (inside) 1 10.3.3.3
nat (outside) 1 172.32.1.0 255.255.255.0 outside 0 0
static (inside,outside) 10.32.0.5 10.32.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.6 192.168.0.6 netmask 255.255.255.255 0 0
route inside 0.0.0.0 0.0.0.0 10.3.0.1 1
route inside 10.32.0.5 255.255.255.255 10.3.0.1 1
route inside 192.168.0.6 255.255.255.255 10.3.0.1 1
route inside 216.45.178.0 255.255.255.255 10.3.0.4 1
07-17-2013 10:48 AM
Is there any particular reason why you have the following NAT rule:
nat (outside) 1 172.32.1.0 255.255.255.0 outside 0 0
If not, please remove that line. Also, make the access list 101 has a access group pointiong to the outside interface.
Regards,
Juan Lombana
Please rate helpful posts.
07-17-2013 10:59 AM
Thank you so much for taking the time to look at this !
I removed the route and have a statement as recommended
Add the access-group : access-group 101 in interface outside
I still get the following errors
710005: UDP request discarded from 172.32.1.5/137 to outside:172.32.1.255/netbios-ns
106007: Deny inbound UDP from 172.32.1.105/63039 to 10.32.0.5/53 due to DNS Query
305005: No translation group found for tcp src outside:172.32.1.5/3474 dst inside:10.32.0.15/3128
Thanks
07-17-2013 11:02 AM
Hello,
Well, on the last log you sent it looks like the destination is 10.32.0.15, based on the description you only have the following statics:
static (inside,outside) 10.32.0.5 10.32.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.6 192.168.0.6 netmask 255.255.255.255 0 0
You can either add one for 10.32.0.15 or one for the entire network.
Regards,
Juan Lombana
Please rate helpful posts.
07-17-2013 11:09 AM
Thank you, any additional advise for the following:
710005: UDP request discarded from 172.32.1.5/137 to outside:172.32.1.255/netbios-ns
106007: Deny inbound UDP from 172.32.1.105/63039 to 10.32.0.5/53 due to DNS Query
07-17-2013 01:37 PM
DNS server was probably too slow to respond, and the query was answered by another server but those packets are not blocked by the PIX.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide