NoNat with errors on ASA 5505

Discussion in 'Cisco' started by lynxul, Feb 7, 2009.

  1. lynxul

    lynxul

    Joined:
    Feb 7, 2009
    Messages:
    2
    Hi All!

    I keep receiving error 305005 on the nat translation of my backup line. The configs are below.

    When the main line (outside) is up everything works fine, but when the secondary line (outside-backup) is connected to the same destination (10.85.125.128/26 + 10.85.125.192/26) I receive this error message.

    NoNat is set up.

    Here is the error:

    Feb 07 2009 16:24:49 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.177/52782 dst inside:10.84.134.11/2000
    Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.240/52341 dst inside:10.84.134.11/2000
    Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.175/53049 dst inside:10.84.134.11/2000
    Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for udp src outside-backup:10.85.125.215/55446 dst inside:10.84.8.12/53

    And here are the configs:
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 89.121.*.166 255.255.255.252
    interface Ethernet0/3
    nameif outside-backup
    security-level 0
    ip address 82.78.*.162 255.255.255.248
    access-list np-nonat1-inside extended permit ip any any

    nat-control
    nat (inside) 0 access-list np-nonat1-inside
     
    lynxul, Feb 7, 2009
    #1
    1. Advertising

  2. lynxul

    Zakkas

    Joined:
    Apr 26, 2006
    Messages:
    15
    I think your issue is related to the global (outside) interface commands. I don't see you having input them in your post.

    You'll need to add another "global (outside-backup) interfae" so that the ASA knows it can NAT address from internal to this interface as well.
     
    Zakkas, Feb 9, 2009
    #2
    1. Advertising

  3. lynxul

    lynxul

    Joined:
    Feb 7, 2009
    Messages:
    2
    I would agree, only that the "outside" interface works just fine.. so there must be something else at hand.
     
    lynxul, Feb 10, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. evolution.of.rod@gmail.com

    Need help with nonat

    evolution.of.rod@gmail.com, Nov 14, 2005, in forum: Cisco
    Replies:
    1
    Views:
    2,024
    Walter Roberson
    Nov 14, 2005
  2. mak

    basic nonat question pix

    mak, Sep 6, 2006, in forum: Cisco
    Replies:
    5
    Views:
    8,166
    Walter Roberson
    Sep 6, 2006
  3. bjorn@kumlait.se
    Replies:
    1
    Views:
    3,404
    bjorn@kumlait.se
    Jun 17, 2007
  4. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    704
    Dogg Child
    Jun 7, 2010
  5. Dogg Child

    ASA 5550 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    4
    Views:
    1,101
    Morph
    Jun 8, 2010
Loading...

Share This Page