RA VPN Error

Unanswered Question
May 10th, 2007

Hi Gents,

I have configured 2xRA VPN connections.



ip local pool inside_pool 10.10.105.1-10.10.105.254 mask 255.255.255.0


ip local pool dmz_pool 10.10.104.1-10.10.104.254 mask 255.255.255.0


I have ACL restrictions for both pools. Inside_pool has access to the inside network:

for instance 10.20.1.0/24

It is working fine.

DMZ_pool has access to dmz servers.

But it doesn't work.

I can manage connecting by RA VPN (dmz_pool), but I can't reach the servers in the DMZ. I saw in the logs: "no translation group found for outside ip 10.10.104.1 "


Is it normal that the ASA is asking me about NAT configuration for OUTSIDE?


I do the same for inside_pool, except that access goes to the inside interface, not to the dmz interface. It is working fine without any NAT translation requirements.


Any comments will be appreciated.

Leo



mfreijser Thu, 05/10/2007 - 03:18

A nonat access-list from the DMZ to the OUTSIDE should do the trick:


----------------------------------------------

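! <dmz-subnet> <dmz-mask> is a placeholder for the DMZ server network (not given in the thread)
access-list nonat_dmz permit ip <dmz-subnet> <dmz-mask> 10.10.104.0 255.255.255.0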


nat (dmz) 0 access-list nonat_dmz

----------------------------------------------


Note that this will not affect any statics already created for the DMZ-subnet!


Please rate if the post helps!


Regards,


Michael
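
An added example, not part of the original posts: a small Python check that reads a config dump and reports which VPN pools are covered by a `nat (<interface>) 0 access-list` exemption on a given interface. The 192.168.50.0/24 DMZ server subnet and the name `exempt_pools` are assumptions; the thread does not give the DMZ addressing.

```python
import ipaddress
import re

POOL = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)", re.M)
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$", re.M)
# Only the "permit ip <net> <mask> <net> <mask>" ACE form is parsed here.
ACE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

# Constructed sample: the pool lines are from the thread; the
# 192.168.50.0/24 DMZ server subnet is an assumed value for illustration.
BEFORE = """\
ip local pool inside_pool 10.10.105.1-10.10.105.254 mask 255.255.255.0
ip local pool dmz_pool 10.10.104.1-10.10.104.254 mask 255.255.255.0
"""
AFTER = BEFORE + """\
access-list nonat_dmz permit ip 192.168.50.0 255.255.255.0 10.10.104.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz
"""


def exempt_pools(config, interface):
    """Return the names of VPN pools whose whole range is the destination
    of an ACE in an ACL bound to `nat (<interface>) 0`."""
    acls = {acl for ifc, acl in NAT0.findall(config) if ifc == interface}
    dests = [
        ipaddress.ip_network(f"{dst}/{mask}")
        for name, _src, _smask, dst, mask in ACE.findall(config)
        if name in acls
    ]
    covered = set()
    for pool, first, last in POOL.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if any(lo in net and hi in net for net in dests):
            covered.add(pool)
    return covered


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "dmz exemptions:", sorted(exempt_pools(cfg, "dmz")))
```

The exemption only stops translation for the matched traffic; which DMZ servers the pool may reach is still decided by the ACL restrictions on the VPN pool.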
