Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2064
Views
10
Helpful
18
Replies

PIX 501, IOS 6.3(5) Static Nat from outside to inside not working

laurentElens
Level 1
Level 1

‎07-23-2007 07:49 AM - edited ‎03-11-2019 03:48 AM

Hello,

I am stuck on an NAT for an incoming connection. On a command like

static (outside, inside) interface 192.168.1.3 netmask 255.255.255.255

[outside is the name of the outside interface to the DMZ,

inside is the name of the inside interface,

192.168.1.3 is the IP of the pinging computer from the DMZ to inside (on port TCP 20050)]

Nothing pass through to the inside side. The syslog messages I recieve during the attempt are

"build local-host outside: 192.168.1.3

build static translation from outside: 192.168.1.3 to inside 192.168.2.1

....

no translation group found found for tcp src outside 192.168.1.3/20050 dst inside 192.168.2.3/20050"

Has anyone any idea of what I should correct?

Greath thanks,

Laurent

Labels:
0 Helpful
18 Replies 18

laurentElens
Level 1
Level 1
In response to mattiaseriksson

‎08-01-2007 03:21 PM

Hello Mattia,

That's a good idea for a for a further step thanks.

But don't worry, I am waiting with an Ethereal on promiscuous mode on both side of the pix and it's not on the way back that my packets are blocked.

In fact nothing pass through from outside to inside. (Well, except the Xlates initiated on the inside interface).

Regards

0 Helpful

laurentElens
Level 1
Level 1
In response to laurentElens

‎08-01-2007 06:17 PM

I have to add than a "show xlate debug" command show the translation

1 in use, 7 most used

Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,

o - outside, r - portmap, s - static

NAT from outside:192.168.1.3 to inside:192.168.2.1 flags s idle 0:00:06 timeout

3:00:00

with the idle timer updated on every attempt.

SO looks like the packets are translated but don't go out of the pix.

BUT I don't see a problematic ACL neither do I receive log from ACL blocked packet.

+ why then these log 3-305005: No translation ground found for ..."my packets"

???

0 Helpful

mattiaseriksson
Level 3
Level 3
In response to laurentElens

‎08-02-2007 02:18 AM

Well, I repeat that you _must_ define a static for the destination address or network, not just the source. I did not see that in your config. Perhaps you can attached your new config?

0 Helpful

laurentElens
Level 1
Level 1
In response to mattiaseriksson

‎08-02-2007 01:30 PM

Well Mattia, indeed that was the line which makes it work. I have to understand a bit further about the process, but indeed even to allow a simple a packet to pass through the pix from out to in, a translation from the destination address inside to that same address outside looks to be required.

Thank you very much for your help, I don't think I would have make it without you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card