NAT Client VPN Traffic to subnet not directly connected to firewall

Unanswered Question
Dec 23rd, 2008

Greetings, I have the following setup.

Cisco ASA 5510

Outside Address:

Inside Address

Cisco 3750

IP Address

Behind the 3750 I have multiple networks that I can't reach when connected via a remote access VPN connection. I have checked that they are in the split tunnel ACL and also exempt from NAT.

When connected I can ping the switch on which is on the same subnet as the ASA but nothing further than that, for example a call manager on

I'm getting the "no translation group found" message, which I'm aware of. Is there something silly that I'm missing here?

Edit: Fixed with an identity NAT statement. One issue though: I need to NAT an outside address to this one for management purposes, but I believe the two can't co-exist. Is there a way around this?

Edit: Fixed by static (inside,outside) netmask at the end of the NAT list whilst leaving the existing statics higher up the list.


John Blakley Wed, 12/24/2008 - 09:24

Do you have route inside statements on your ASA that point to these networks? And do you have static routes that point to your VPN clients on the 3750?



exonetinf1nity Sat, 12/27/2008 - 09:06

Thank you for your reply. Yes, I have static routes configured on the ASA for the inside networks that sit behind the 3750, and there is also a default static on the 3750 pointing to the inside interface of the ASA. All hosts connected to the 3750 use it as their default gateway.


