Using PIX for IPSEC VPN...

Ann Tone... (Guest)
Posted: Mon Oct 19, 2009 5:17 am

Hello All,
I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
things. When establishing a tunnel, everything goes fine but the VPN machine
isn't able to ping anything inside. The log is showing something like
305005: No translation group found for icmp src outside:192.168.10.2 dst inside:192.168.2.11 (type 8, code 0)
whereby 192.168.10.2 is the VPN IP address.
What's going wrong here? Do I need nat/global or static entry for the VPNed
network, especially given that they seem to be on the outside interface?
Many thanks for your help in advance!
Best wishes

Christoph Gartmann... (Guest)
Posted: Mon Oct 19, 2009 9:45 am

In article <4adbe7c2$0$31257$607ed4bc at (no spam) cv.net>, "Ann Tone" <no at (no spam) spam.please> writes:
Quote: I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
things. When establishing a tunnel, everything goes fine but the VPN machine
isn't able to ping anything inside. The log is showing something like
305005: No translation group found for icmp src outside:192.168.10.2 dst inside:192.168.2.11 (type 8, code 0)
whereby 192.168.10.2 is the VPN IP address.
What's going wrong here? Do I need nat/global or static entry for the VPNed
network, especially given that they seem to be on the outside interface?
Many thanks for your help in advance!

You may need a routing statement, either of the form
crypto dynamic-map outside_dyn_map 20 set reverse-route
and/or something like
route guests 0.0.0.0 0.0.0.0 192.168.20.254 tunneled
Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
Immunbiologie
Postfach 1169 Internet: gartmann at (no spam) immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html

Jyri Korhonen... (Guest)
Posted: Mon Oct 19, 2009 1:56 pm

"Ann Tone" <no at (no spam) spam.please> wrote:
Quote: I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
things. When establishing a tunnel, everything goes fine but the VPN machine
isn't able to ping anything inside. The log is showing something like
305005: No translation group found for icmp src outside:192.168.10.2 dst inside:192.168.2.11 (type 8, code 0)
whereby 192.168.10.2 is the VPN IP address.
What's going wrong here? Do I need nat/global or static entry for the VPNed
network, especially given that they seem to be on the outside interface?

Maybe you don't have a no-nat rule for VPN clients. Something like
this:
access-list VPNclients permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0
nat 0 access-list VPNclients
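
A triage helper for the situation discussed in this thread, added here as an example and not posted by any participant: it checks whether the flow named in a 305005 message is covered by a `nat 0 access-list` rule. The function names, the `protected_if` parameter and the sample configs are assumptions for illustration; only `permit ip <net> <mask> <net> <mask>` ACL entries are parsed.

```python
import ipaddress
import re

LOG_RE = re.compile(
    r"305005: No translation group found for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?")
ACL_RE = re.compile(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"nat (?:\(\S+\) )?0 access-list (\S+)$")

def exempt_pairs(config):
    """(local_net, remote_net) pairs of every ACL bound with 'nat 0 access-list'."""
    acls, bound = {}, set()
    for raw in config.splitlines():
        line = " ".join(raw.split())          # collapse wrapping/indentation
        if m := ACL_RE.match(line):
            name, snet, smask, dnet, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{snet}/{smask}"),
                 ipaddress.ip_network(f"{dnet}/{dmask}")))
        elif m := NAT0_RE.match(line):
            bound.add(m.group(1))
    return [pair for name in bound for pair in acls.get(name, [])]

def triage(log_line, config, protected_if="inside"):
    """Classify one 305005 message against the NAT exemption rules in config."""
    m = LOG_RE.search(" ".join(log_line.split()))
    if not m:
        return "not-305005"
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    # Assumption: exemption ACLs are written protected-side -> remote, as in
    # the reply's example, so the logged inbound flow is matched reversed.
    local, remote = (dst, src) if m["dst_if"] == protected_if else (src, dst)
    hit = any(local in ln and remote in rn for ln, rn in exempt_pairs(config))
    return "exempted" if hit else "no-exemption"

# Log line as quoted in the thread (including its line wrap).
LOG = """305005: No translation group found for icmp src outside:192.168.10.2 dst
inside:192.168.2.11 (type 8, code 0)"""
# Constructed configs: dynamic NAT only, then with the reply's two lines added.
CONFIG_BEFORE = "nat (inside) 1 0.0.0.0 0.0.0.0\nglobal (outside) 1 interface\n"
CONFIG_AFTER = CONFIG_BEFORE + """\
access-list VPNclients permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0
nat 0 access-list VPNclients
"""

if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, triage(LOG, cfg))
```

A result of `exempted` means a no-NAT rule already covers the flow, so the cause of the message lies elsewhere in the configuration.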
All times are GMT