No translation group

[davek2003]

trying to get dns1 to talk to dns2 on the dmz
dns1 realip 208.0.0.0.1 nat 177.177.0.1
dns2 realip 208.0.0.0.2 nat 177.177.0.2
error showing up
no translation group found for udp src dmz 177.177.0.2 dest dmz 208.0.0.1

how do I get these to talk to each other with real ips

Thanks

Dave

 

[baddos]

static(dmz,outside) 208.0.0.1 177.177.0.1 netmask 255.255.255.255 0 0

static(dmz,outside) 208.0.0.2 177.177.0.2 netmask 255.255.255.255 0 0

access-list 101 permit udp any host 208.0.0.1 eq 53
access-list 101 permit udp any host 208.0.0.2 eq 53
acces-group 101 in interface outside

 

[davek2003]

That is what I have when I make changes in dns
on 177.177.0.1 it tries to update 208.0.0.2
because this is the secondary name server.
I need 177.177.0.1 to see 208.0.0.2 instead of 177.177.0.2
is this a problem because they are on the smae interface.

 

[baddos]

If it's your two DNS server talking to each other, use their real 177 addresses instead of the statics. Then they won't even involve the PIX.

 

[yizhar]

HI.

You can consider using registered ip addresses (208.0.0.1) on the DNS servers and "nat (dmz) 0", instead of the current configuration.
This is a complete change of the design but seems to me like the simpliest solution, because these are DNS servers, and any other solution will also make things complicated.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar