Remote VPN can't ping each other

siskoboy2007

Hi, I just migrated my remote users off of the VPN Concentrator and onto the VPN. Everything works, but I just noticed that the remote VPN can't ping each other. Did I do something wrong with my NAT statement:

nat (outside) 10 172.20.141.8 255.255.255.248

nat (outside) 10 172.20.141.16 255.255.255.248

nat (outside) 10 172.20.141.24 255.255.255.248

nat (outside) 10 172.20.141.32 255.255.255.248

nat (outside) 10 172.20.141.40 255.255.255.248

nat (outside) 10 172.20.141.48 255.255.255.248

nat (outside) 10 172.20.141.56 255.255.255.248

nat (outside) 10 172.20.141.64 255.255.255.248

nat (outside) 10 172.20.141.72 255.255.255.248

nat (outside) 10 172.20.142.0 255.255.255.248

nat (outside) 10 172.20.144.0 255.255.255.248

nat (outside) 10 172.20.146.0 255.255.255.248

nat (outside) 10 172.20.146.8 255.255.255.248

Do I need to add this statement?

nat (outside) 0 access-list inside_nat0_outbound


brettmilborrow

If your remote networks are defined correctly in the access list inside_nat0_outbound, then you will need the following:

nat (inside) 0 access-list inside_nat0_outbound

Note the interface specified in brackets is the interface closest to your internal network and not the remote networks as your example shows.

Also, the other nat statements you had will not work in your requirement.

Good Luck!

Thanks I'll give it a try. I don't understand why nat (outside) 0 access-list inside_nat0_ won't work.

Brett,

I tried nat (inside) 0 access-list inside_nat0_outbound and it still didn't work.

Here's what access-list inside_nat0_outbound looks like:

access-list inside_nat0_outbound extended permit ip any 172.20.19.64 255.255.255.192

access-list inside_nat0_outbound extended permit ip any 172.25.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 172.20.146.0 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.144.0 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.142.0 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.16 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.24 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.146.8 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.8 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.32 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.40 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.48 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.56 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.64 255.255.255.248

access-list inside_nat0_outbound extended permit ip any 172.20.141.72 255.255.255.248

I applied this: nat (inside) 0 access-list inside_nat0_outbound

and it still doesn't work. From the syslog I get the following:

07:25 PM isi-950-dc-fw01 Error No translation group found for icmp src outside:172.25.1.19 dst outside:172.20.144.1 (type 8, code 0)

07:24 PM isi-950-dc-fw01 Error No translation group found for icmp src outside:172.25.1.19 dst outside:172.20.144.1 (type 8, code 0)

07:24 PM isi-950-dc-fw01 Error No translation group found for icmp src outside:172.25.1.19 dst outside:172.20.144.1 (type 8, code 0)

Can you post a sanitized copy of your config?

Thanks

Thanks, here it is. Just remember, we have all of our VPN sites coming to us and we don't allow split tunneling.

nat (outside) 10 172.x.141.8 255.255.255.248

nat (outside) 10 172.x.141.16 255.255.255.248

nat (outside) 10 172.x.141.24 255.255.255.248

nat (outside) 10 172.x.141.32 255.255.255.248

nat (outside) 10 172.x.141.40 255.255.255.248

nat (outside) 10 172.x.141.48 255.255.255.248

nat (outside) 10 172.x.141.56 255.255.255.248

nat (outside) 10 172.x.141.64 255.255.255.248

nat (outside) 10 172.x.141.72 255.255.255.248

nat (outside) 10 172.x.142.0 255.255.255.248

nat (outside) 10 172.x.144.0 255.255.255.248

nat (outside) 10 172.x.146.0 255.255.255.248

nat (outside) 10 172.x.146.8 255.255.255.248

nat (outside) 10 172.x.19.0 255.255.255.0

nat (outside) 10 172.x.1.0 255.255.255.0

Your access-list inside_nat0_outbound does not cover the destination IP you are pinging:

172.20.144.1

Try adding a new line to your access-list in order to cover that host.
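
As an added example (not part of any post in this thread): a Python check that parses ACL lines and a "No translation group found" syslog message in the formats posted above, then reports which ACL entries cover the logged addresses and whether the flow enters and leaves on the same interface. The function names are made up for this example, and the sample input is a subset of lines copied from the thread.

```python
import ipaddress
import re

# Constructed sample input: a subset of the ACL lines and one syslog
# message, copied from the thread.
ACL_TEXT = """\
access-list inside_nat0_outbound extended permit ip any 172.25.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.20.144.0 255.255.255.248
access-list inside_nat0_outbound extended permit ip any 172.20.141.8 255.255.255.248
"""
SYSLOG = ("No translation group found for icmp src outside:172.25.1.19 "
          "dst outside:172.20.144.1 (type 8, code 0)")

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+ip\s+any\s+"
                    + IP + r"\s+" + IP + r"\s*$")
LOG_RE = re.compile(r"No translation group found for (\S+) src (\S+?):" + IP
                    + r"(?:/\d+)? dst (\S+?):" + IP)


def parse_acl(text, name):
    """Destination networks of the 'permit ip any NET MASK' entries of `name`."""
    nets = []
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == name:
            # strict=False tolerates entries written with host bits set
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    return nets


def check(acl_text, acl_name, log_line):
    """Compare the logged flow with the ACL (hypothetical helper for this example)."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not a 'No translation group found' message")
    proto, src_if, src_ip, dst_if, dst_ip = m.groups()
    nets = parse_acl(acl_text, acl_name)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return {
        "proto": proto,
        "src_covered_by": [n for n in nets if src in n],
        "dst_covered_by": [n for n in nets if dst in n],
        # True when the packet enters and leaves on the same interface
        "same_interface": src_if == dst_if,
    }


if __name__ == "__main__":
    for key, value in check(ACL_TEXT, "inside_nat0_outbound", SYSLOG).items():
        print(key, value)
```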
