Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
1
Replies

ASA error in ver 7.0(7)

jia
Level 1
Level 1

‎09-13-2012 08:40 PM - edited ‎03-11-2019 04:54 PM

Hello,everybody

         %ASA-3-305005: No translation group found for tcp src inside:211.155.169.186/1433 dst outside:42.121.87.89/6000,    I found this error ,but the IP

211.155.169.186 is public address. I check the configuration but didn't find any information about this address.I don't understand why src is inside? How can I solve this error?

Thank you

ASA version:7.0(7)

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎09-13-2012 10:19 PM

Hello,

You might have NAT-control enabled and as you know for a packet to traverse the ASA a NAT rule must exist.

Now as you point you do not have the 211.x.x.x subnet on your inside so you should not be doing any nat for that (That is why we are getting those logs)

The question here is who is using that IP and the most important how the heck he is on the internal subnet>???

Ip spoofing, a back-door.

Dude check your internal network desing, make sure there is only one way to go to the internet ( I have worked a lot on cases where the customer says the ASA is the only way out, and trust me there is always a secondary device..So Check your network and after you do it, check it twice)

Any other question.. sure... Just let me know. but remember to rate all of my answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card