PIX 7.0: DMZ to Inside NAT
hypnotoad
Hey guys,
Trying to write a rule to allow LDAP DMZ traffic to get to a server on the inside LAN and my PIX is logging this message:
No Translation group for tcp src:dmz192.168.0.5/47770 dst inside:172.16.0.2/389. Explanation: A packet does not match any of the outbound nat command rules.
I believe my ACL is ok, but how do I tell it that it doesn't have to do NAT between the DMZ and inside (or does it?!)
TIA...
Sorry I'm an ASA/PIX newbie (not for long I hope).
bighornsheep
You probably need a NAT exempt rule.
Remember, high to low, good to go!
hypnotoad
Actually this page (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#DMZ2inside) has pretty much the exact config I need. But it doesn't work. At the moment, 'doesn't work' is the most accurate description I have.
Ahriakin
You can turn nat control off and it removes the need to have translations for all inter-zone traffic, it's just 'no nat-control'. Just make sure your ACLs are perfect as you won't have the safety net of having to have those NAT rules as well anymore.
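The two approaches raised in this thread, side by side, as an added configuration sketch that is not part of any poster's message and not taken from the linked Cisco page. The interface names and addresses come from the log line in the first post; the ACL name `dmz_in` is a hypothetical placeholder, and the syntax assumes PIX 7.x configuration mode.

```text
! Added example, not from the thread. Interface names (dmz, inside) and
! addresses are taken from the logged message; dmz_in is a hypothetical name.

! Option A: keep nat-control enabled and give the inside server an identity
! translation on the dmz interface, so dmz hosts reach 172.16.0.2 as itself.
! Only this one host becomes reachable; the rest of inside stays untranslated
! and therefore unreachable from the dmz.
static (inside,dmz) 172.16.0.2 172.16.0.2 netmask 255.255.255.255

! Option B: disable nat-control instead of adding a translation. No NAT rule
! is then required between interfaces, so the ACL below is the only thing
! deciding what the dmz may reach on inside.
! no nat-control

! Needed with either option: dmz is the lower-security interface, so traffic
! toward inside must be permitted explicitly. Keep the entry as narrow as the
! requirement: one source host, one destination host, LDAP (tcp/389) only.
access-list dmz_in extended permit tcp host 192.168.0.5 host 172.16.0.2 eq 389

! Binding an ACL to the interface adds an implicit deny for everything else
! arriving on dmz, including dmz-to-outside flows that were previously allowed
! by default. Add explicit permits for those before applying it.
access-group dmz_in in interface dmz

! After changing NAT rules, flush stale translations, then confirm the
! identity entry exists and the ACL hit counter rises when the client connects.
clear xlate
show xlate
show access-list dmz_in
```

Use Option A or Option B, not both; Option B is shown commented out because it changes behaviour for every interface pair on the firewall, not just dmz to inside.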