PIX - no translation found - static has been configured ???

Traffic is not getting thru from outside to inside even though access
list is configured and static is configured.


305005: No translation group found for udp src outside:10.1.1.1/514 dst
inside:192.168.2.2/514


fw2# sh static

static (inside,outside) udp 10.1.1.1 syslog 192.168.2.2 syslog netmask
255.255.255.255 1 1

???

 

:Traffic is not getting thru from outside to inside even though access
:list is configured and static is configured.

:305005: No translation group found for udp src outside:10.1.1.1/514 dst
:inside:192.168.2.2/514

That message tells you that an outside system with source IP 10.1.1.1
and udp source port 514 attempted to access an inside system by
addressing it as 192.168.2.2 port 514.

:fw2# sh static

:static (inside,outside) udp 10.1.1.1 syslog 192.168.2.2 syslog netmask 255.255.255.255 1 1

That command says that any time someone on the outside sends a packet
to the PIX with *destination* IP 10.1.1.1 destination udp port 514,
that it is to be forwarded to the internal machine 192.168.2.2 udp port 514.

The first message implies that the remote system 10.1.1.1 knows to
send packets to 192.168.2.2 through the PIX. That being the case,
the static you would want would be

static (inside,outside) udp 192.168.2.2 syslog 192.168.2.2 syslog netmask 255.255.255.255 1 1

However, I would re-examine whether you really only want to allow one
syslog packet at a time through -- devices that produce log messages
might have several "in flight" at the same time, and you don't want your
PIX to be throwing away the extras that happen to occur before the
previous translation is torn down.