Hi Nick,
The static nat is bidirectional by nature, i.e. it doesn't really care
where the connection is initiated from. I don't see the value of the other
nat statements. You would only need an access-list to permit traffic from
the outside zone to the server.
Thanks
On Tue, Nov 22, 2011 at 7:19 PM, Nick E <ccienovice_at_gmail.com> wrote:
> Hi,
>
> I have configured bidirectional NAT on ASA. The configuration is as
> follows:-
>
> ======================
> nat (outside) 4 access-list OUT-TO-SVR outside
> !
> global (inside) 4 172.30.30.1
> !
> access-list OUT-TO-SVR extended permit ip any host 192.168.10.1
> !
> static (inside,outside) 192.168.10.1 172.30.10.1 netmask 255.255.255.255
> ========================
>
> I am facing problem where the local ip is not getting translated to global
> but from internet the server is reachable. To be precise, server can't
> access internet but from internet the server is reachable.
>
> Please find the logs as follows:-
>
> %ASA-3-305005: No translation group found for icmp src INSIDE:172.30.10.1
> dst OUTSIDE:203.199.44.37 (type 8, code 0)
>
> Thanks in advance
>
> Regards,
> Nikhil
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- KJ Blogs and organic groups at http://www.ccie.netReceived on Wed Nov 23 2011 - 13:20:24 ART
This archive was generated by hypermail 2.2.0 : Thu Dec 01 2011 - 06:29:31 ART