From: Ajay mehra (ajaymehra01@gmail.com)
Date: Sat Nov 15 2008 - 05:27:43 ARST
Hi Guys,
I have one host on the inside interface of PIX which is 11.0.0.100 , Also
there is another host 183.1.19.10 again on the inside interface. As
a traffic policy any traffic from 11.0.0.100 to 183.1.19.10 must go to PIX
and come back on the same interface(inside). But due to some reason when I
ping from 11.0.0.100 to 183.1.19.10 I keep getting these messages on PIX
console
%PIX-3-305005: No translation group found for icmp src inside:11.0.0.100 dst
inside:183.1.19.10 (type 8, code 0)
I have the following configs on PIX related to Nat.
PIX(config)# sh run | i nat|global|same
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (inside) 1 183.1.0.0 255.255.0.0
Now I do not understand why is PIX looking for translation for
11.0.0.0subnet when there is no nat-control on the PIX. Intersting
thing is as soon
as I remove nat(inside) 1 statement ping starts working.
Can you guys please help me out to understand this concept?
Thanks,
Ajay
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST