I'm configuring a PIX 525 and am able to access the outside using the 10.30.1.0/24 network, but the 10.30.2.0/24 network I have behind the firewall (connected to a CSS 11000) is able to access all devices inside the network behind the PIX, but is unable to access the outside. I get the following error when issuing a telnet to port 80 of an outside IP:
Code:
Sep 30 2008 14:29:54: %PIX-3-305005: No translation group found for tcp src inside:10.30.2.11/1488 dst outside:216.216.216.4/80
Here is my config:
Code:
!
hostname pix
domain-name nodomain.com
enable password ******
passwd ******
names
dns-guard
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.192
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.30.1.1 255.255.255.0
!
interface Ethernet2
 shutdown
 nameif intf2
 security-level 4
 no ip address
!
interface Ethernet3
 shutdown
 nameif intf3
 security-level 6
 no ip address
!
interface Ethernet4
 shutdown
 nameif intf4
 security-level 8
 no ip address
!
interface Ethernet5
 shutdown
 nameif intf5
 security-level 10
 no ip address
!
boot system flash:/image.bin
ftp mode passive
access-list inbound extended permit icmp any any
access-list inbound extended permit tcp any any eq 3389
access-list inbound extended permit tcp any host xx.xx.xx.xx eq ssh
access-list outbound extended permit tcp any any
access-list outbound extended permit icmp any any
access-list outbound extended permit udp any any
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap warnings
logging facility 23
logging queue 16
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
no failover
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.30.1.0 255.255.255.0
static (inside,outside) tcp interface 3389 10.30.1.10 3389 netmask 255.255.255.255
access-group inbound in interface outside
access-group outbound in interface inside
access-group outbound out interface inside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.1 1
route inside 10.30.2.0 255.255.255.0 10.30.1.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
username xxxx password ****** encrypted privilege 15
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.30.1.0 255.255.255.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.30.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 1
console timeout 0
dhcpd address 10.30.1.20-10.30.1.50 inside
dhcpd dns 206.14.125.10 206.14.125.20
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
Any help on this subject is much appreciated. Thanks in advance.
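
Added example (not part of the original post, and not Cisco tooling): with `nat-control` enabled, a %PIX-3-305005 message means the logged source matched no `nat` rule, or its NAT ID has no `global` on the egress interface. The script below correlates the logged source with the `nat`/`global` lines; the sample config and log are the lines quoted in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: the NAT-related lines and the syslog message quoted in the post.
CONFIG = """\
nat-control
global (outside) 1 interface
nat (inside) 1 10.30.1.0 255.255.255.0
"""
LOG = ("Sep 30 2008 14:29:54: %PIX-3-305005: No translation group found for "
       "tcp src inside:10.30.2.11/1488 dst outside:216.216.216.4/80")

IP = r"(\d+\.\d+\.\d+\.\d+)"
NAT_RE = re.compile(rf"^nat \((\S+)\) (\d+) {IP} {IP}", re.M)
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ", re.M)
LOG_RE = re.compile(rf"%PIX-3-305005: .* src (\S+?):{IP}/\d+ dst (\S+?):")


def parse_nat(config):
    """Return [(interface, nat_id, network)] for each 'nat (ifc) id net mask' line."""
    return [(ifc, int(nid), ipaddress.ip_network(f"{net}/{mask}"))
            for ifc, nid, net, mask in NAT_RE.findall(config)]


def explain(config, log_line):
    """Say whether the source of a 305005 message has a usable nat/global pair."""
    m = LOG_RE.search(log_line)
    if not m:
        return "not a 305005 message"
    src_ifc, dst_ifc = m.group(1), m.group(3)
    src_ip = ipaddress.ip_address(m.group(2))
    globals_ = {(ifc, int(nid)) for ifc, nid in GLOBAL_RE.findall(config)}
    for ifc, nid, net in parse_nat(config):
        if ifc == src_ifc and src_ip in net:
            # NAT ID 0 is identity NAT and needs no global pool.
            if nid == 0 or (dst_ifc, nid) in globals_:
                return f"covered by nat ({ifc}) {nid} {net}"
            return f"nat ({ifc}) {nid} matches but no global ({dst_ifc}) {nid}"
    return f"no nat ({src_ifc}) rule covers {src_ip}"


if __name__ == "__main__":
    print(explain(CONFIG, LOG))
```
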