Re: nat problem posted 11/15/2008

No luck with even the global (inside) 1 interface command, it is still giving
the translation error. I could get it running using a static mapping for the
destination host with
static (i,i)

As per my understanding, what is happening is: since NAT is enabled for and source and destination both exist on the same
interface, if the PIX
receives a packet which has destination on subnet it looks for
xlate table to check if there is already an entry for
The problem here is not the source translation but the destination

This case would be the same as if we have packets coming from the outside to
the inside interface and we do not have an entry in the xlate table (provided we have
NAT enabled for the host on the inside network)


2008/11/15 Farrukh Haroon <farrukhharoon@xxxxxxxxx>

> Once you apply dynamic translation to an interface, 'no nat-control' rule
> no longer applies.
> Remove the NAT 0 command and put the global command I gave ya, it will
> work!
> Regards
> Farrukh
> On Sat, Nov 15, 2008 at 10:56 AM, Ajay mehra <ajaymehra01@xxxxxxxxx> wrote:
>> Thanks for the quick reply but none of these solutions work, I still get
>> the same message
>> This is what I added to the PIX configs.
>> access-list EXEMPT per ip ho ho
>> nat (inside) 0 access-list EXEMPT
>> I do not understand, first of all, why it would look for translation when I do
>> not have either nat-control or nat(inside) 1 0 0 configured.
>> Thanks,
>> Ajay
>> 2008/11/15 Farrukh Haroon <farrukhharoon@xxxxxxxxx>
>>> Either exempt this traffic from NAT or add the following:
>>> global (inside) 1 interface
>>> On Sat, Nov 15, 2008 at 10:27 AM, Ajay mehra <ajaymehra01@xxxxxxxxx> wrote:
>>>> Hi Guys,
>>>> I have one host on the inside interface of PIX which is ,
>>>> Also there is another host again on the inside interface. As
>>>> a traffic policy any traffic from to must go to PIX
>>>> and come back on the same interface (inside). But due to some reason when I
>>>> ping from to I keep getting these messages on PIX console
>>>> %PIX-3-305005: No translation group found for icmp src inside: dst inside: (type 8, code 0)
>>>> I have the following configs on PIX related to NAT.
>>>> PIX(config)# sh run | i nat|global|same
>>>> same-security-traffic permit intra-interface
>>>> global (outside) 1 interface
>>>> nat (inside) 1
>>>> Now I do not understand why is PIX looking for translation for
>>>> when there is no nat-control on the PIX. Interesting thing is as soon
>>>> as I remove nat(inside) 1 statement ping starts working.
>>>> Can you guys please help me out to understand this concept?
>>>> Thanks,
>>>> Ajay
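
Added example, not part of the original thread: a small Python parser for the %PIX-3-305005 message quoted in this thread that counts translation failures per flow and marks the ones whose source and destination interface are the same, which is the inside-to-inside case discussed here. The sample log lines, their timestamps and addresses, and the `dmz` interface name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread): timestamps, addresses
# (documentation ranges) and the "dmz" interface name are made up.
SAMPLE_LOG = """\
Nov 15 2008 10:27:01: %PIX-3-305005: No translation group found for icmp src inside:192.0.2.10 dst inside:198.51.100.20 (type 8, code 0)
Nov 15 2008 10:27:02: %PIX-3-305005: No translation group found for icmp src inside:192.0.2.10 dst inside:198.51.100.20 (type 8, code 0)
Nov 15 2008 10:27:05: %PIX-3-305005: No translation group found for tcp src inside:192.0.2.10/1025 dst dmz:203.0.113.5/80
Nov 15 2008 10:27:06: %PIX-6-302013: Built outbound TCP connection 12 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.0.2.11/1030 (192.0.2.11/1030)
"""

# protocol, then "src <ifname>:<addr>[/port]" and "dst <ifname>:<addr>[/port]"
MSG_305005 = re.compile(
    r"%PIX-3-305005: No translation group found for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[^\s/]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[^\s/]+)(?:/(?P<dport>\d+))?"
)

def parse_305005(line):
    """Return the fields of one 305005 message, or None for any other line."""
    m = MSG_305005.search(line)
    return m.groupdict() if m else None

def summarize(log_text):
    """Count failures per flow; 'hairpin' marks flows that enter and leave
    through the same interface, as in the inside-to-inside ping above."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_305005(line)
        if rec:
            key = (rec["proto"], rec["src_if"], rec["src"], rec["dst_if"], rec["dst"])
            flows[key] += 1
    return [
        {"proto": p, "src": f"{sif}:{s}", "dst": f"{dif}:{d}",
         "hairpin": sif == dif, "count": n}
        for (p, sif, s, dif, d), n in flows.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        kind = "same-interface" if row["hairpin"] else "cross-interface"
        print(f'{row["count"]:>3}  {kind:<15} {row["proto"]:<4} {row["src"]} -> {row["dst"]}')
```
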