Hi everybody,
I have configured 2 DMZ zones on the same Ethernet using 2 VLANs; one
is a physical interface and the other is a virtual interface. The
first DMZ (DMZ1) uses public IPs while the second (DMZ2) uses private
IPs.
Hosts in DMZ2 can access the outside without problems using dynamic NAT
but can't access the DMZ1 hosts. The error message is
%PIX-3-305005: No translation group found for udp src DMZ2:host/port
dst DMZ1:host/port
I configured a static NAT with the following line:
static (DMZ2,DMZ1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
It seems this rule is never matched. I would like hosts inside DMZ2 to
access DMZ1 without a real NAT but using their original IP address, as
is the case for hosts in the INSIDE interface.
Where am I wrong? Is it possible to do such a NAT between physical and
virtual interfaces?
TIA,
AV