05.29.2007 at 12:29PM PDT, ID: 22600467

PIX 515E - 305005:No translation group for tcp

Asked by dfalldien in Networking Hardware Firewalls, Enterprise Firewalls, Cisco PIX Firewall

I have a Cisco PIX 515E firewall with 3 VLANs on one interface (Inside, DB and App). Both servers in this problem reside on the app VLAN. I have 2 servers: one runs the application (web-based app, Server1, 192.168.2.102 (129.173.45.226)) and the other runs SQL 2005 (Server2, 192.168.2.103 (129.173.45.224)).

When I try to log into the web app from Server2 (with the user info stored in the SQL database on Server2), it fails. In the PIX log I get error 305005:No translation group for tcp src Appvlan: 192.168.2.103/1620 dst public:129.173.45.226/80. The software is all based on public IPs, so I tried to connect (via HTTP) to the public interface of the web app box.

Below is my conf log

Result of the command: "show conf"
names
!
interface Ethernet0
 description public access interface
 nameif public
 security-level 0
 ip address 129.173.45.228 255.255.255.128
!
interface Ethernet1
 description default interfance for use for management only
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1.276
 description VLAN for app servers that are publicly accessable
 vlan 276
 nameif AppVLAN
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet1.277
 description Vlan for db servers or other servers that can not be publicly accessed.
 vlan 277
 nameif dbVLAN
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
passwd H7cwc.H8mjpjab44 encrypted
ftp mode passive
clock timezone AST -4
clock summer-time ADT recurring
dns domain-lookup public
dns domain-lookup inside
dns domain-lookup AppVLAN
dns server-group DefaultDNS
 name-server 129.173.1.100
 name-server 129.173.5.100
 domain-name housing.dal.ca
same-security-traffic permit inter-interface
access-list public_access_in remark ICMP (ping) access from public zone to application zone (Dal campus only)
access-list public_access_in extended permit icmp 192.168.2.0 255.255.255.0 129.173.0.0 255.255.0.0
access-list public_access_in remark full access to app vlan from public zone (public access)
access-list public_access_in extended permit tcp any any
access-list public_access_in remark full udp access for DNS from public zone (public access)
access-list public_access_in extended permit udp any any
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq 524
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.224 eq 1042
access-list public_access_in_V1 remark ICMP (ping) access from pix to application zone (Dal campus only)
access-list public_access_in_V1 extended permit icmp 129.173.0.0 255.255.0.0 129.173.45.0 255.255.255.0
access-list public_access_in_V1 remark ssh access from pix to HCASWEB2 Server (Dal campus only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.196 eq ssh
access-list public_access_in_V1 remark ODBC access from pix to HCASWEB2 Server (Dal campus only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.196 eq 3306
access-list public_access_in_V1 remark remote desktop access from pix to management Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 192.168.2.101 eq 3389
access-list public_access_in_V1 remark remote desktop access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq 3389
access-list public_access_in_V1 remark remote desktop access from pix to SARS SQL Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.224 eq 3389
access-list public_access_in_V1 remark SARS chat program access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq 50000
access-list public_access_in_V1 remark SARS chat program access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq 50001
access-list public_access_in_V1 remark SARS file sharing access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq netbios-ssn
access-list public_access_in_V1 remark SARS file sharing access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit tcp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq 445
access-list public_access_in_V1 remark SARS file sharing access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit udp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq netbios-ns
access-list public_access_in_V1 remark SARS file sharing access from pix to SARS APP Server (dal subnet only)
access-list public_access_in_V1 extended permit udp 129.173.0.0 255.255.0.0 host 129.173.45.226 eq netbios-dgm
access-list public_access_in_V1 remark access from pix to HCASWEB2 Server (public internet)
access-list public_access_in_V1 extended permit tcp any host 129.173.45.196 eq www
access-list public_access_in_V1 remark https access from pix to HCASWEB2 Server (secure web public access)
access-list public_access_in_V1 extended permit tcp any host 129.173.45.196 eq https
access-list public_access_in_V1 remark UDP access from pix to HCASWEB2 Server (DNS lookup)
access-list public_access_in_V1 extended permit udp 129.173.0.0 255.255.0.0 host 129.173.45.196
access-list public_access_in_V1 remark UDP access from pix to HCASWEB2 Server (DNS lookup)
access-list public_access_in_V1 extended permit udp 129.173.0.0 255.255.0.0 host 129.173.45.226
access-list public_access_in_V1 remark UDP access from pix to HCASWEB2 Server (DNS lookup)
access-list public_access_in_V1 extended permit udp 129.173.0.0 255.255.0.0 host 129.173.45.224
access-list public_access_in_V1 remark ssh access from pix to HCAS-MYSQL Server (kil-cm-1.ucis.dal.ca)
access-list public_access_in_V1 extended permit tcp host 129.173.1.125 host 129.173.45.218 eq ssh
access-list dbVLAN_access_in remark ssh access to db vlan from public zone (kil-cm-1)
access-list dbVLAN_access_in extended permit tcp host 192.168.3.100 host 129.173.1.125 eq ssh
pager lines 24
logging enable
logging timestamp
logging monitor critical
logging asdm informational
logging from-address david.falldien@dal.ca
logging recipient-address david.falldien@dal.ca level critical
logging recipient-address ancillarysystems@mobility.blackberry.net level errors
logging class config monitor critical
mtu public 1500
mtu inside 1500
mtu AppVLAN 1500
mtu dbVLAN 1500
ip verify reverse-path interface public
ip verify reverse-path interface dbVLAN
ip audit name attack attack action alarm
ip audit name attackINFO info action alarm
ip audit interface dbVLAN attackINFO
ip audit interface dbVLAN attack
icmp permit host 129.173.45.171 public
icmp permit host 129.173.1.10 public
icmp permit host 129.173.45.129 public
icmp permit host 129.173.1.156 echo public
icmp permit host 129.173.1.156 public
icmp permit host 129.173.1.182 public
icmp permit host 129.173.45.129 inside
icmp permit any inside
icmp permit host 129.173.1.182 echo AppVLAN
asdm image flash:/asdm
asdm location 129.173.1.10 255.255.255.255 inside
asdm location 192.168.1.10 255.255.255.255 inside
asdm location 129.173.45.172 255.255.255.255 inside
asdm location 129.173.45.216 255.255.255.255 inside
asdm location 129.173.1.10 255.255.255.255 public
asdm location 129.173.45.171 255.255.255.255 public
asdm location 129.173.0.0 255.255.0.0 public
asdm location 129.173.47.151 255.255.255.255 public
asdm location 129.173.55.61 255.255.255.255 public
asdm location 192.168.2.100 255.255.255.255 AppVLAN
asdm location 192.168.3.100 255.255.255.255 public
asdm location 192.168.3.100 255.255.255.255 dbVLAN
asdm location 129.173.1.100 255.255.255.255 public
asdm location 192.168.3.100 255.255.255.255 AppVLAN
asdm location 129.173.45.218 255.255.255.255 public
asdm location 129.173.45.217 255.255.255.255 public
asdm location 129.173.45.219 255.255.255.255 public
asdm location 192.168.2.101 255.255.255.255 AppVLAN
asdm location 192.168.3.101 255.255.255.255 AppVLAN
asdm location 129.173.45.218 255.255.255.255 inside
asdm location 129.173.45.196 255.255.255.255 public
asdm location 129.173.45.196 255.255.255.255 inside
asdm location 129.173.1.156 255.255.255.255 public
asdm location 192.168.3.101 255.255.255.255 dbVLAN
asdm location 129.173.1.125 255.255.255.255 public
asdm location 192.168.2.102 255.255.255.255 AppVLAN
asdm location 192.168.2.103 255.255.255.255 AppVLAN
asdm history enable
arp timeout 14400
global (inside) 100 192.168.1.10-192.168.1.100
global (AppVLAN) 150 192.168.3.101-192.168.3.254 netmask 255.255.255.0
global (dbVLAN) 200 192.168.2.101-192.168.2.254 netmask 255.255.255.0
static (public,AppVLAN) 192.168.2.100 129.173.45.196 netmask 255.255.255.255
static (public,dbVLAN) 192.168.3.100 129.173.45.218 netmask 255.255.255.255
static (public,AppVLAN) 192.168.2.102 129.173.45.226 netmask 255.255.255.255
static (public,AppVLAN) 192.168.2.103 129.173.45.224 netmask 255.255.255.255
static (AppVLAN,public) 129.173.45.196 192.168.2.100 netmask 255.255.255.255
static (AppVLAN,public) 129.173.45.226 192.168.2.102 netmask 255.255.255.255
static (AppVLAN,public) 129.173.45.224 192.168.2.103 netmask 255.255.255.255
static (dbVLAN,public) 129.173.45.218 192.168.3.100 netmask 255.255.255.255
static (dbVLAN,public) 129.173.45.186 192.168.3.101 netmask 255.255.255.255
static (public,dbVLAN) 192.168.3.101 129.173.45.186 netmask 255.255.255.255 dns
access-group public_access_in_V1 in interface public
access-group public_access_in in interface AppVLAN
access-group dbVLAN_access_in in interface dbVLAN
route public 0.0.0.0 0.0.0.0 129.173.45.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username dfalldien password Acpon54bWii7SAwB encrypted privilege 15
http server enable
http 129.173.55.61 255.255.255.255 public
http 129.173.45.0 255.255.255.128 public
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 AppVLAN
http 192.168.3.0 255.255.255.0 dbVLAN
snmp-server host inside 129.173.55.61 community PIX
snmp-server location B028 Risley Hall
snmp-server contact Dalcard Office
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 AppVLAN
telnet 192.168.3.0 255.255.255.0 dbVLAN
telnet timeout 15
ssh 192.168.55.61 255.255.255.255 public
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd address 192.168.2.103-192.168.2.254 AppVLAN
dhcpd address 192.168.3.101-192.168.3.254 dbVLAN
dhcpd dns 129.173.1.100 129.173.5.100
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain housing.dal.ca
dhcpd auto_config dbVLAN
dhcpd enable AppVLAN

Any help would be appreciated.
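The following is an added diagnostic script, not part of the original question or of any Cisco tool. It parses the static/nat lines of a PIX 7.x "show conf" and, for the flow named in a 305005 message, reports which rules touch the source and the destination on that interface pair: whether a static translates the source toward the destination interface, whether an outside-NAT static presents the destination host to the source interface under another address, and whether the destination is itself the public-side alias of a host on the sender's own interface. CONF holds the relevant lines of the config posted above; LOG is the message quoted in the question, re-typed here in the full %PIX-3-305005 syslog format (the exact wording of the original line is an assumption).

```python
"""Cross-check a PIX 7.x 'show conf' against a %PIX-3-305005 message."""
import re

# Relevant lines of the posted configuration (copied from the question).
CONF = """\
global (AppVLAN) 150 192.168.3.101-192.168.3.254 netmask 255.255.255.0
static (public,AppVLAN) 192.168.2.102 129.173.45.226 netmask 255.255.255.255
static (public,AppVLAN) 192.168.2.103 129.173.45.224 netmask 255.255.255.255
static (AppVLAN,public) 129.173.45.226 192.168.2.102 netmask 255.255.255.255
static (AppVLAN,public) 129.173.45.224 192.168.2.103 netmask 255.255.255.255
"""
# The logged flow from the question, reconstructed in full syslog form (assumed text).
LOG = ("%PIX-3-305005: No translation group found for tcp "
       "src AppVLAN:192.168.2.103/1620 dst public:129.173.45.226/80")

# PIX syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
NAT_RE = re.compile(r"^nat \((\w+)\) \d+")
LOG_RE = re.compile(r"305005: No translation group found for (\w+) "
                    r"src (\w+):([\d.]+)/\d+ dst (\w+):([\d.]+)/\d+")


def parse_statics(conf):
    """Return one dict per 'static' line, keyed by the four positional fields."""
    rules = []
    for line in conf.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            rules.append(dict(zip(("real_ifc", "mapped_ifc", "mapped_ip", "real_ip"),
                                  m.groups())))
    return rules


def diagnose(conf, log):
    """Return the rules relevant to the logged flow, grouped by what they do."""
    proto, src_ifc, src_ip, dst_ifc, dst_ip = LOG_RE.search(log).groups()
    statics = parse_statics(conf)
    nat_ifcs = {m[1] for m in (NAT_RE.match(l.strip()) for l in conf.splitlines()) if m}
    key = lambda s, f: (s["real_ifc"], s["mapped_ifc"], s[f])
    return {
        "flow": (proto, src_ifc, src_ip, dst_ifc, dst_ip),
        # static that translates src_ip as it leaves src_ifc toward dst_ifc
        "src_static": [s for s in statics if key(s, "real_ip") == (src_ifc, dst_ifc, src_ip)],
        # outside-NAT static: dst_ifc host dst_ip is shown to src_ifc under another address
        "dst_outside_nat": [s for s in statics if key(s, "real_ip") == (dst_ifc, src_ifc, dst_ip)],
        # dst_ip is the mapped (public-side) address of a host that itself lives on src_ifc
        "dst_is_alias_of_same_ifc_host": [s["real_ip"] for s in statics
                                         if key(s, "mapped_ip") == (src_ifc, dst_ifc, dst_ip)],
        # whether any dynamic 'nat (src_ifc) ...' statement exists for the source interface
        "src_ifc_has_nat": src_ifc in nat_ifcs,
    }


if __name__ == "__main__":
    for name, value in diagnose(CONF, LOG).items():
        print(f"{name}: {value}")
```

Run against the full "show conf" output to get the same breakdown for any 305005 line; a non-empty dst_is_alias_of_same_ifc_host means the sender is addressing a neighbour on its own VLAN by that neighbour's public-side NAT address, which is the shape of the flow in this question.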
About this solution

Zones: Networking Hardware Firewalls, Enterprise Firewalls, Cisco PIX Firewall
Tags: pix, translation, group, 305005
Solution Provided By: theeter
Participating Experts: 2
Solution Grade: C