From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Sat Nov 15 2008 - 05:31:11 ARST
Either exempt this traffic from NAT or add the following:
global (inside) 1 interface
On Sat, Nov 15, 2008 at 10:27 AM, Ajay mehra <ajaymehra01@gmail.com> wrote:
> Hi Guys,
>
> I have one host on the inside interface of PIX which is 11.0.0.100 , Also
> there is another host 183.1.19.10 again on the inside interface. As
> a traffic policy any traffic from 11.0.0.100 to 183.1.19.10 must go to PIX
> and come back on the same interface(inside). But due to some reason when I
> ping from 11.0.0.100 to 183.1.19.10 I keep getting these messages on PIX
> console
>
> %PIX-3-305005: No translation group found for icmp src inside:11.0.0.100dst
> inside:183.1.19.10 (type 8, code 0)
>
>
> I have the following configs on PIX related to Nat.
>
> PIX(config)# sh run | i nat|global|same
> same-security-traffic permit intra-interface
> global (outside) 1 interface
> nat (inside) 1 183.1.0.0 255.255.0.0
>
> Now I do not understand why is PIX looking for translation for
> 11.0.0.0subnet when there is no nat-control on the PIX. Intersting
> thing is as soon
> as I remove nat(inside) 1 statement ping starts working.
>
> Can you guys please help me out to understand this concept?
>
>
> Thanks,
> Ajay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST