Hello All,

I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other things. When establishing a tunnel, everything goes fine but the VPN machine isn't able to ping anything inside. The log is showing something like

305005: No translation group found for icmp src outside: dst inside: (type 8, code 0)

whereby is the VPN IP address.

What's going wrong here ? Do I need nat/global or static entry for the VPNed network, especially given that they seem to be on the outside interface ? Many thanks for your help in advance !

Best wishes

Reply to
Ann Tone
Loading thread data ...


u need no nat in the interface outside and maybe routing.


Reply to
Jean Figueiredo

yes, you need a nat 0 and create an access-list for what you dont want to be translated to the outside address when traversing VPN.

a static will work as well.

Reply to
Marco Benton


Is the PIX 515E-R firewall still a reasonable choice as a stateful firewall? I know it is a discontinued item from Cisco but from what I have read from old reviews, it was a very good when it came out.

Any comments would be useful.

Thanks - Kevin

Reply to

Absolutely! The downside is cisco is no longer making software. Just keep an eye out for vulnerabilities in your version and determine if their risk is to high. Then when you have the budget for an ASA pick it up

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.