Problem:
======
Info: I got a problem where I can't ping from a router to the inside network. Suspect a NAT problem based on googling.
Log inside PIX
May 23 2013 07:07:21: %PIX-3-305005: No translation group found for tcp src Outside:10.35.24.121/3195 dst inside:10.35.189.172/445
Step:
======
Using the packet-tracer command on the PIX 525, as below.
packet-tracer input Outside tcp 10.35.24.121 3195 10.35.189.172 445 detailed
Result from packet-tracer:
===============
Phase: 6
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 access-list net
nat-control
match ip inside 10.35.16.0 255.255.224.0 Outside any
dynamic translation to pool 1 (10.40.9.2 [Interface PAT])
translate_hits = 3185, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
out id=0x4dc4d38, priority=2, domain=nat-reverse, deny=false
hits=1782778, user_data=0x4d2e470, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=10.35.16.0, mask=255.255.224.0, port=0
Solution :
======
PIX(config)# access-list inside_nat0_outbound extended permit ip 10.35.16.0 255.255.224.0 10.40.9.0 255.255.255.0
PIX(config)# nat (inside) 0 access-list inside_nat0_outbound
==EOF==
*P/S: The problem might be different from the real situation. I also just did trial and error based on the reference below.
Credit: experts-exchange.com (User Config)