Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > NoNat with errors on ASA 5505

Reply
Thread Tools

NoNat with errors on ASA 5505

 
 
lynxul lynxul is offline
Junior Member
Join Date: Feb 2009
Posts: 2
 
      02-07-2009
Hi All!

I keep receiving error 305005 on the nat translation of my backup line. The configs are below.

When the main line (outside) is up everything works fine, but when the secondary line (outside-backup) is connected to the same destination (10.85.125.128/26 + 10.85.125.192/26) I receive this error message.

NoNat is set up.

Here is the error:

Feb 07 2009 16:24:49 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.177/52782 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.240/52341 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.175/53049 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for udp src outside-backup:10.85.125.215/55446 dst inside:10.84.8.12/53

And here are the configs:
interface Ethernet0/0
nameif outside
security-level 0
ip address 89.121.*.166 255.255.255.252
interface Ethernet0/3
nameif outside-backup
security-level 0
ip address 82.78.*.162 255.255.255.248
access-list np-nonat1-inside extended permit ip any any

nat-control
nat (inside) 0 access-list np-nonat1-inside
 
Reply With Quote
 
 
 
 
Zakkas Zakkas is offline
Junior Member
Join Date: Apr 2006
Posts: 15
 
      02-09-2009
I think your issue is related to the global (outside) interface commands. I don't see you having input them in your post.

You'll need to add another "global (outside-backup) interfae" so that the ASA knows it can NAT address from internal to this interface as well.
 
Reply With Quote
 
 
 
 
lynxul lynxul is offline
Junior Member
Join Date: Feb 2009
Posts: 2
 
      02-10-2009
I would agree, only that the "outside" interface works just fine.. so there must be something else at hand.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASA 5550 behind ASA 5505 Dogg Child Cisco 4 06-08-2010 06:56 PM
Re: ASA 5505 behind ASA 5505 Dogg Child Cisco 0 06-07-2010 12:13 PM
ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated bjorn@kumlait.se Cisco 1 06-17-2007 12:43 PM
basic nonat question pix mak Cisco 5 09-06-2006 03:32 PM
Need help with nonat evolution.of.rod@gmail.com Cisco 1 11-14-2005 06:02 PM



Advertisments