Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reverse NAT and No Nat Translation Errors

Status
Not open for further replies.
oneciscokid

oneciscokid

Technical User
Aug 18, 2006
22
CA
Hello,

I'm having a problem getting reverse NAT's to work properly. I'm not entirely sure what I'm doing wrong so any help would be appreciated.

A piece of the config

interface ethernet0 10full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100

access-list acl_outside permit icmp any any
access-list acl_outside permit tcp any host 172.16.1.2 eq ssh

access-list acl_no_nat1 deny ip host 172.31.1.200 any
access-list acl_no_nat1 permit ip any any

ip address outside 172.31.1.1 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0

global (outside) 1 interface
global (inside) 10 172.16.1.5-172.16.1.10
nat (outside) 0 access-list acl_no_nat1 outside
nat (outside) 10 172.31.1.200 255.255.255.255 outside 0 0
nat (inside) 1 172.16.1.0 255.255.255.0 0 0
access-group acl_outside in interface outside


Computer Outside --> 172.31.1.200
Computer Inside --> 172.16.1.2

Routes are in place on both computers.

I'm trying to ping from 172.31.1.200 to 172.16.1.2 but on the pix I'm getting the following errors:

305005: No translation group found for icmp src outside:172.31.1.200 dst inside:172.16.1.2 (type 8, code 0)
305005: No translation group found for icmp src outside:172.31.1.200 dst inside:172.16.1.2 (type 8, code 0)
305005: No translation group found for icmp src outside:172.31.1.200 dst inside:172.16.1.2 (type 8, code 0)


But when I do

pix# show xlate
1 in use, 3 most used
Global 172.16.1.5 Local 172.31.1.200


But there are no connections when doing a

#show conn

So there's an entry in the translation table but errors are coming in the logs.

Same happens if I try the reverse as well from 172.16.1.2 to ping 172.31.1.200 but with the
ips reversed in the logs.

Can anyone shed some light on this?

Thanks in Advance.
 
Sort by date Sort by votes
What are you trying to do? Are you trying to NAT 172.31.1.200 to your inside IP range? Is there any reason why you cannot just disable NAT so the computers can communicate using their native IPs?




 
Upvote 0 Downvote
Just a lab scenario, want to get a better understanding of Reverse NATs and No NATs.
 
Upvote 0 Downvote
Have you tried using a static nat instead to translate the inbound traffic from that host, i.e.

static (outside,inside) 172.16.1.5 172.31.1.200 netmask 255.255.255.255 0 0
 
Upvote 0 Downvote
Yes, I'm familiar with using statics. But would like to understand Reverse NATs and NoNATs. Do you by chance happen to have a working example?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
324
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
379
intel233
intel233
steve777777
  • Locked
  • Question
Cisco ASA VPN+NAT
Replies
0
Views
80
steve777777
steve777777
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
284
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
238
Nitta84
Nitta84

Part and Inventory Search

Sponsor

Back
Top