We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
5 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
PIX 506e - Allow inbound traffic
Posted on 2004-04-01
I am creating a new network nat'd behind a PIX 506e. I still need to allow users in the original network to access the new network. Outbound traffic works because the PIX allows this implicitly. I will have to close this down in the near future. I can't seem to allow any inbound traffic initiated from the outside. The log shows
%PIX-3-305005: No translation group found for tcp src outside:55.55.55.55/2832 dst inside:10.0.0.1/445
Basically I want to allow everything from outside network 55.55.55.0/24 to the inside network 10.0.0.0/23.
%PIX-3-305005: No translation group found for tcp src outside:55.55.55.55/2832 dst inside:10.0.0.1/445
Basically I want to allow everything from outside network 55.55.55.0/24 to the inside network 10.0.0.0/23.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
2
6 Comments
Active today
I believe that your access list entry should look something like this:
access-list 160 permit ip 55.55.55.0 0.0.0.255 10.0.0.0/23 0.0.1.255
Kdo, the access-lists on a PIX use subnet masks. You must be more familiar with the access-lists on a router that use an inverse mask...
access-list outside_in permit ip 55.55.55.0 255.255.255.0 10.0.0.0 255.255.254.0
access-group outside_in in interface outside
access-list outside_in permit ip 55.55.55.0 255.255.255.0 10.0.0.0 255.255.254.0
access-group outside_in in interface outside
Oh, yes, assuming that you do not want to nat the traffic between 55.55.55.0 and 10.0.0.0, add these lines:
access-list no_nat permit 10.0.0.0 255.255.254.0 55.55.55.0 255.255.255.0
nat(inside) 0 access-list no_nat
access-list no_nat permit 10.0.0.0 255.255.254.0 55.55.55.0 255.255.255.0
nat(inside) 0 access-list no_nat
Active today
Good catch....
I don't care how these devices represent the mask values internally -- you'd think that at least the language syntax would be similar.
:-)
Thanks lrmooore. That worked. But I have another question(s) about this.
How would I change the configuration to nat the outside address, so that they appear to be coming from the inside interface?
What would be the reasons to do or not to do this? I understand nat going outbound is to hide the inside network, but why would I want to hide the outside network?
How would I change the configuration to nat the outside address, so that they appear to be coming from the inside interface?
What would be the reasons to do or not to do this? I understand nat going outbound is to hide the inside network, but why would I want to hide the outside network?
Featured Post
Worried about ransomware attacks hitting your organization? The good news is that these attacks are predicable and therefore preventable. Learn more about how you can stop a ransomware attacks before encryption takes place with WatchGuard Total Security!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Cisco WRVS4400N | 11 | 71 | |
| no PBR recursive or PBR | 9 | 28 | |
| pptp through Cisco ASA5505 V7 | 5 | 51 | |
| New CLI Commands Needed for Cisco ASA 5506 | 5 | 64 |
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list. It is designed to be downloaded as a file, with primary intention…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal.
As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’
As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month5 days, 15 hours left to enroll
734 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.