I have a PIX 515-E, running 6.3(5), and have been trying to get a basic VPN up and running, but can't finish for the life of me. I have the VPN connection working just fine, I get an IP from a local pool that I specify, but whenever I try to access the network behind the inside interface of the PIX from the VPN I get an error:

Jun 2 12:46:07 172.16.1.1 %PIX-3-305005: No translation group found for icmp src outside:172.16.3.11 dst inside:172.16.1.1 (type 8, code 0)

I am pulling out my hair trying to get this damn thing working but just don't know what else to try. Below is my config. Any help would be greatly appreciated:

interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan2 logical
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif vlan2 vlan security50
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix0
domain-name domain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit icmp any any
access-list inbound permit tcp any any
access-list inbound permit udp any any
access-list inbound permit ip any any
access-list vpn_acl permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn_acl permit icmp 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn_acl permit udp 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging standby
logging trap debugging
logging facility 19
logging host inside 172.16.1.15
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 63.x.x.80 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
no ip address intf2
ip address vlan 172.16.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn 172.16.3.1-172.16.3.254
pdm history enable
arp timeout 60
global (outside) 1 interface
nat (inside) 0 access-list vpn_acl
nat (inside) 1 172.16.1.0 255.255.255.0 0 0
static (inside,outside) 63.x.x.82 172.16.1.4 netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 63.122.61.1 1
timeout xlate 0:05:00
timeout conn 0:30:00 half-closed 0:05:00 udp 0:01:00 rpc 0:10:00 h225 0:30:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 172.16.1.15 cisco timeout 5
aaa-server LOCAL protocol local
aaa-server radius protocol radius
aaa-server radius max-failed-attempts 3
aaa-server radius deadtime 10
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
aaa-server partnerauth (inside) host 172.16.1.15 abcdef timeout 5
http server enable
http 172.16.1.3 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dyna 20 set security-association lifetime seconds 3600 kilobytes 4608000
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local vpn outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn3000-all address-pool vpn
vpngroup vpn3000-all dns-server 63.x.x.10
vpngroup vpn3000-all wins-server 63.x.x.10
vpngroup vpn3000-all default-domain domain.com
vpngroup vpn3000-all idle-time 1800
vpngroup vpn3000-all password ********
telnet 172.16.1.0 255.255.255.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 outside
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local vpn
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username jtrooney password *********
vpdn enable outside
terminal width 80
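
Added example, not part of the original post: a Python check of whether the ACL referenced by "nat (inside) 0 access-list" exempts traffic in the direction PIX 6.x evaluates it, with the inside network as source and the VPN pool as destination. The function names and the constructed excerpt (five lines copied from the config above) are illustrative, and only ACL entries in "network mask" form are parsed.

```python
import ipaddress
import re

# Constructed excerpt: the lines of the posted config that bear on the
# %PIX-3-305005 "No translation group found" message.
SAMPLE_CONFIG = """\
access-list vpn_acl permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn_acl permit icmp 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
ip local pool vpn 172.16.3.1-172.16.3.254
nat (inside) 0 access-list vpn_acl
"""


def net(addr, mask):
    """Network object from a PIX-style 'address mask' pair."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_nat_exemption(config):
    """Return (ok, findings) for the inside -> VPN pool NAT exemption."""
    inside = re.search(r"^ip address inside (\S+) (\S+)", config, re.M)
    pool = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    nat0 = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    if not (inside and pool and nat0):
        return False, ["missing inside address, local pool or nat 0 access-list"]
    inside_net = net(inside.group(1), inside.group(2))
    first = ipaddress.ip_address(pool.group(1))
    last = ipaddress.ip_address(pool.group(2))
    acl = nat0.group(1)
    # Entries using 'any' or 'host' have fewer tokens and are skipped here.
    entry = re.compile(
        rf"^access-list {re.escape(acl)} permit (\S+) (\S+) (\S+) (\S+) (\S+)$", re.M)
    ok, findings = False, []
    for proto, s_ip, s_mask, d_ip, d_mask in entry.findall(config):
        src, dst = net(s_ip, s_mask), net(d_ip, d_mask)
        if inside_net.subnet_of(src) and first in dst and last in dst:
            ok = True  # inside network as source, pool as destination
        elif first in src and last in src and inside_net.subnet_of(dst):
            findings.append(f"{acl}: {proto} entry is reversed (pool -> inside)")
    if not ok:
        findings.append(
            f"{acl}: no entry with source {inside_net} and the pool as destination")
    return ok, findings


if __name__ == "__main__":
    print(check_nat_exemption(SAMPLE_CONFIG))
```
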