[c-nsp] VPN PIX 6.x Translation issue
Peter Rathlev
peter at rathlev.dk
Mon Feb 2 12:46:41 EST 2009
On Mon, 2009-02-02 at 15:57 +0000, William wrote:
...
> outside: 0
> inside: 100
> inside2: 90
>
> When I try to speak to inside2 hosts, I get the following error:
>
> %PIX-3-305005: No translation group found for icmp src
> outside:10.10.199.3 dst inside2:192.168.0.1 (type 8, code 0)
>
> I'm very confused as to where I should be putting global/nat
> statements... so far my setup consists of:
>
> nat (inside) 0 access-list inside_outbound_nat0_acl
> nat (inside) 1 10.10.200.0 255.255.255.0 0 0
> nat (inside2) 0 access-list office_outbound_nat0_acl
> nat (inside2) 1 192.168.0.0 255.255.255.0 0 0
> global (outside) 1 interface
You probably want a NAT-0 for traffic from inside2 to you VPN, i.e.
assuming your VPN users are 10.10.199.0/24:
access-list office_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 10.10.199.0 255.255.255.0
What does the inside_outbound_nat0_acl ACL look like when it works
there?
Regards,
Peter
More information about the cisco-nsp
mailing list