Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
1
Replies

No translation table?

sjamison
Level 1
Level 1

‎01-24-2007 01:09 PM - edited ‎02-21-2020 01:23 AM

This is a weird one to me. Looks like there is a certain pecking order to how the PIX handles requests when it comes to VPN's.

2007-01-24 11:44:19 Local4.Error 10.200.89.1 Jan 24 2007 11:44:20: %PIX-3-305005: No translation group found for tcp src newoutside:10.40.10.14/1070 dst DMZ:10.200.84.15/80

The 10.40.10.x network is at a remote site, that VPN's back to the PIX. The server they are trying to reach is in the DMZ. There is a static translation on the PIX:

static (DMZ,newoutside) 159.87.xx.xx 10.200.84.15 netmask 255.255.255.255

They are doing DNS querries to our inhouse DNS box. So it is pointing them into the DMZ for this IP if they were to goto the box. If they looked up the name outside of our network then it would be the public IP, but you cant get to the public IP from the inside. They have to have DNS access to our servers for lookups, so how exactly do you get around this?

0 Helpful
1 Reply 1

5220
Level 4
Level 4

‎01-25-2007 01:51 AM

Hi,

So, if you want the 10.40.10.x users to connecto the DMZ through the VPN using the private ip of the server, then you need a NAT 0 statement for this traffic.

access-list nonat permit ip 10.40.10.0 255.255.255.0 host 10.200.84.15

nat ("interface") 0 access-list nonat

Please rate if this helped.

Regards,

Daniel

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card