ASA 7.2.2 No translation group found for

Unanswered Question
Oct 21st, 2007


We have a Cisco ASA Setup that is configured for VPN for Remote Access to our Internal Network.

Without any configuration change on the firewall, we have observed that even though the VPN gets connected, no active traffic passes through the VPN Tunnel.

We have observed from the logs that the firewall throws 3 Oct 21 2007 22:50:54 305005 No translation group found for icmp src Outside: dst inside: (type 8, code 0).

We also tried configuring the NAT Exempt Rule which has not helped us in resolving this scenario.

Attached is the configuration of the firwall. Any help in this regard is highly appreciated.


Sriharshaa Prabhakar

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yuri_slobodyanyuk Sun, 10/21/2007 - 14:03

few things that seem to get mixed up:

1) To your VPN clients you are assigning IPs that belong to internal LAN


ip local pool vpn-add mask


tunnel-group itmohesr general-attributes

address-pool vpn-add

That won't work, you probably intend to:

tunnel-group itmohesr general-attributes

address-pool mohesrpool

2) Split tunnel ACL that was done in ASDM looks a bit awkward to me:

split-tunnel-network-list value cisco_splitTunnelAcl


access-list cisco_splitTunnelAcl standard permit

It is not a problem of course as I guess you

want to disable VPN users from connecting to

anything else when connected to VPN but it will look a bit more clear if you do usual extended ACL and just put ANY as destination,

and why not to put netmask as it is configured on interface /24 ?

3) In current status it is still missing nat-exempt:

nat (inside) 0 access-list NONAT

access-list NONAT permit ip

Hope this helps,


Sriharshaa Prabhakar Sun, 10/21/2007 - 14:11

Hi Yuri,

Thanks for the reply, I have sat ad debuued the problem, I have also done the same changem instead of standard ACL, I have configured extended ACL and the NAT0 is in place now with correct configuration. Looks like someone has tried to change the config that has affected the VPN Services.

Now its working fine, again thanks for your reply.


Sriharshaa Prabhakar


This Discussion