10-22-2018 06:03 PM - edited 02-21-2020 08:23 AM
Hey Guys;
I seem to be having an issue with this ASA 5510 FW; I don't wanna use NAT for inside/outside, since I'm NATted on my router; I just want this FW to inspect packages and deny packages; that's it;
when I check the logs on the 5510; it keeps saying this error
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/49611 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/50818 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/49486 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/57103 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:13|305005: No translation group found for udp src IN:1.8.8.4/61703 dst OUT:8.8.4.4/53
I also saw this alert
6|Oct 22 2018 16:45:00|110002: Failed to locate egress interface for UDP from IN:1.8.8.4/49817 to 8.8.4.4/53;
This is the only error/alert I see that's causing me not to get onto the internet.
I have a simple and easy setup; please see the attached network layout and FW config.
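An added example, not part of the original posts: a small parser for the two ASA messages quoted above (305005 and 110002) that groups the drops by flow, showing that every entry is the same inside host's DNS traffic to one resolver. It assumes the pipe-delimited `severity|timestamp|id: text` layout seen in the post and handles only these two message IDs.

```python
import re
from collections import Counter

# Log lines copied from the post above (severity|timestamp|id: text).
SAMPLE = """\
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/49611 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/50818 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/49486 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:12|305005: No translation group found for udp src IN:1.8.8.4/57103 dst OUT:8.8.4.4/53
3|Oct 22 2018 16:24:13|305005: No translation group found for udp src IN:1.8.8.4/61703 dst OUT:8.8.4.4/53
6|Oct 22 2018 16:45:00|110002: Failed to locate egress interface for UDP from IN:1.8.8.4/49817 to 8.8.4.4/53;
"""

LINE = re.compile(r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|(?P<id>\d{6}): (?P<text>.*)$")
# An endpoint is "[ifname:]ip/port"; the interface name is optional (110002 omits it on the destination).
ENDPOINT = r"(?:(?P<{0}if>[\w-]+):)?(?P<{0}ip>\d+\.\d+\.\d+\.\d+)/(?P<{0}port>\d+)"
PATTERNS = {
    "305005": re.compile(r"No translation group found for (?P<proto>\w+) src "
                         + ENDPOINT.format("s") + " dst " + ENDPOINT.format("d")),
    "110002": re.compile(r"Failed to locate egress interface for (?P<proto>\w+) from "
                         + ENDPOINT.format("s") + " to " + ENDPOINT.format("d")),
}

def parse(text):
    """Return one dict per recognised 305005/110002 line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["id"] not in PATTERNS:
            continue
        d = PATTERNS[m["id"]].search(m["text"])
        if d:
            events.append({"id": m["id"], "sev": int(m["sev"]), "ts": m["ts"], **d.groupdict()})
    return events

def summarize(events):
    """Count drops per (message id, protocol, source ip, destination ip, destination port)."""
    return Counter((e["id"], e["proto"].lower(), e["sip"], e["dip"], int(e["dport"]))
                   for e in events)

if __name__ == "__main__":
    for (msg, proto, sip, dip, dport), n in summarize(parse(SAMPLE)).most_common():
        print(f"{msg} {proto} {sip} -> {dip}:{dport}  x{n}")
```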
10-22-2018 10:31 PM
10-22-2018 11:02 PM - edited 10-22-2018 11:11 PM
Hello;
I'm trying to apply an exemption for NAT, so the ASA won't NAT any traffic from inside/outside; just deny and/or permit packages.
Isn't this the command to exempt traffic that you don't wanna NAT from inside-outside?
access-list NO-NAT extended permit ip INNET 255.255.255.0 OUTNET 255.255.255.252
Please advise
Thanks
10-23-2018 02:33 AM
If you do not want to do any NAT on the ASA then remove the following commands.
nat-control
global (OUT) 1 interface
nat (IN) 0 access-list NO-NAT
Nat-control forces you to use NAT or traffic will be dropped. So once you remove that you will be able to remove the global and nat commands without affecting traffic.
10-23-2018 11:05 AM
Hello;
After removing the configuration you recommended, I can see I can build outbound packets for DNS, but I don't see any inbound packets coming back to my inside network; and when I try to access a website I still can't view the website; it's saying can't find DNS Server name and/or DNS Timeout.
idk what else I'm missing for this to work as a simple network setup; I would like to use the GUI but I keep getting server not trusted from Java even with the IP address in the exception site list; still nothing
This is what I see on the Java console when trying to launch Cisco ASDM:
java.lang.ClassCastException: sun.security.ssl.X509TrustManagerImpl cannot be cast to com.sun.deploy.security.X509ExtendedDeployTrustManager
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
Caused by: java.security.cert.CertificateException: Java couldn't trust Server
I've seen this before, but with the IP address in the exception list it's still not working
Please help
Please, can anyone direct me on how to fix the web and ASA 5510 problem?