%PIX-3-305006: Regular translation creation failed

Gian Paolo · ‎05-22-2008

Hello,

I'm getting this error even if the IP addresses used for NAT are correct, not network or a broadcast address.

My platform:

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(4)

My network is connected with MPLS links. If I ping from another site (another network) I get a reply and no error messages logged. Other networks reach my site from the inside interface via MPLS router. If I ping from inside to the inside address of the server, natted from the dmz, I get the above error logged and no response.

static (dmz,inside) MAIL_inside MAIL_dmz netmask 255.255.255.255 0 0

Shortly:

net remote : 192.168.1.0 /24

net local : 192.168.3.0 /24

dmz: 10.0.0.0 /24

Remote network is connected via MPLS router.

I ping the ip address in local network 192.168.3.1 from remote network 192.168.1.0, I reach the server, real address 10.0.0.1.

If I ping from a machine in my local network 192.168.3.0/24 the ip address of the server 192.168.3.1 I can't get any response!

Hope my explanation is clear.

Any hint? Thanks

vitripat · ‎05-22-2008

I think you dont have a corresponding nat/global commands for 192.168.3.0/24 network to go to dmz network.

Assuming that you have following nat statement:

nat (inside) 1 192.168.3.0 255.255.255.0

global (dmz) 1 interface (try this command)

If this does not help, please past outputs of "show nat" and "show global" commands.

Regards,

Vibhor.

Gian Paolo · ‎05-26-2008

That's right, global(dmz) statement is missing.

Is it correct that with this configuration I can reach the natted IP from other networks, coming from a MPLS router connected to inside interface , but not from the network the inside interface belongs to?