From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Sat Nov 15 2008 - 05:58:13 ARST

Once you apply dynamic translation to an interface, the 'no nat-control' rule no longer applies.
Remove the NAT 0 command and put the global command I gave ya, it will work!

Regards
Farrukh

On Sat, Nov 15, 2008 at 10:56 AM, Ajay mehra <ajaymehra01@gmail.com> wrote:
> Thanks for the quick reply, but none of these solutions work. I still get the
> same message.
>
> This is what I added to the PIX configs.
>
> access-list EXEMPT per ip ho 11.0.0.100 ho 183.1.19.10
> nat (inside) 0 access-list EXEMPT
>
> I do not understand, first of all, why it would look for translation when I do
> not have either nat-control or nat (inside) 1 0 0 configured.
>
> Thanks,
> Ajay
> 2008/11/15 Farrukh Haroon <farrukhharoon@gmail.com>
>
>> Either exempt this traffic from NAT or add the following:
>>
>> global (inside) 1 interface
>>
>> On Sat, Nov 15, 2008 at 10:27 AM, Ajay mehra <ajaymehra01@gmail.com> wrote:
>>
>>> Hi Guys,
>>>
>>> I have one host on the inside interface of PIX which is 11.0.0.100.
>>> Also there is another host 183.1.19.10, again on the inside interface.
>>> As a traffic policy any traffic from 11.0.0.100 to 183.1.19.10 must go
>>> to PIX and come back on the same interface (inside). But due to some
>>> reason when I ping from 11.0.0.100 to 183.1.19.10 I keep getting these
>>> messages on PIX console
>>>
>>> %PIX-3-305005: No translation group found for icmp src inside:11.0.0.100 dst inside:183.1.19.10 (type 8, code 0)
>>>
>>>
>>> I have the following configs on PIX related to Nat.
>>>
>>> PIX(config)# sh run | i nat|global|same
>>> same-security-traffic permit intra-interface
>>> global (outside) 1 interface
>>> nat (inside) 1 183.1.0.0 255.255.0.0
>>>
>>> Now I do not understand why PIX is looking for translation for the
>>> 11.0.0.0 subnet when there is no nat-control on the PIX. The interesting
>>> thing is that as soon as I remove the nat (inside) 1 statement, ping
>>> starts working.
>>>
>>> Can you guys please help me out to understand this concept?
>>>
>>>
>>> Thanks,
>>> Ajay
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST