Hello All,

I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other things. When establishing a tunnel, everything goes fine but the VPN machine isn't able to ping anything inside. The log is showing something like

305005: No translation group found for icmp src outside: dst inside: (type 8, code 0)

whereby is the VPN IP address.

What's going wrong here ? Do I need nat/global or static entry for the VPNed network, especially given that they seem to be on the outside interface ? Many thanks for your help in advance !

Best wishes

Reply to
Ann Tone
Loading thread data ...

You may need a routing statement, either of the form crypto dynamic-map outside_dyn_map 20 set reverse-route and/or something like route guests tunneled

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

Maybe you don't have a no-nat rule for VPN clients. Something like this:

access-list VPNclients permit ip nat 0 access-list VPNclients
Reply to
Jyri Korhonen Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.