Question : No translation group found

Okay so I have a bit of a persistent NAT problem that I can't seem to get to the bottom of (largely due to lack of experience).

I have a pair of Cisco ASA firewalls set up like this with a leased line between (everything routes down the leased line):

    Wireless              Lots of Stuff
          |                          |
    FW-Site1   -------   FW-Site2   -------   Teh Internet
          |
      Wired

The object is to get a Wireless AP, which has its own interface on the Site1 firewall, to have pleasant conversations with things on the Internet. The Wired network works perfectly.

At present any connection to public things is throwing "No translation group found for tcp src <WirelessIf:SomeIP/63000> dst <LeasedLineIf:PublicIP/80>" whenever I try and make a connection to a public web site. Accessing "Lots of Stuff" works from Wireless (although DHCP relay is failing in quite an irritating way).

Since I've had no luck fixing this so far I'm open to suggestions about what I need to look at.

Chris

Answer : No translation group found

So after looking at all of this and looking at your NAT pieces and ACLs, my question would be to you and Jester that I feel the Wireless security level should be, let's say, 95. My reasoning is that there is no way (that I know of) to force internet traffic over the leased line easily (the ACLs will get really messy). So let the device fall back to allowing higher level traffic flow to lower level. Seeing the wired is a rating of 100 it can flow across the leased but the wireless cannot because it is lower.

That's my suggestion to try.

Good Luck,

3nerds