NAT Issue on ASA with VPN Clients

Unanswered Question
Jan 21st, 2010
User Badges:

I am connecting with ANYconnect SSL VPN Client from the Internet and it connects fine.

When I try to ping or connect to an internal server -

Here is the message that I am getting:

%ASA-3-305005: No translation group found for tcp src outside: dst inside:

3.1 is the VPN client connection, 10.35 is the www server.

When I tried to connect externally, back out to the INnternet I got a similar message and it would not connect.

However, when I added :
nat (outside) 1 SSLVPN

I was able to connect to and others.  Still not to any internal addresses however.

I have tried every other nat config statement I could come up with to get connectivity to the inside addresses: 1.0

Any ideas, seems like it should be pretty easy but I can't seem to come up with the right combo tonight.

Many thanks,

Config Snip::

same-security-traffic permit intra-interface
access-list cisco_splitTunnelAcl standard permit any
access-list inside_access_in extended permit ip any any
access-list inside_access_in_1 extended permit ip any any

ip local pool SSLVPN-Pool mask

global (outside) 1 interface
nat (inside) 1
nat (outside) 1 SSLVPN

access-group inside_access_in_1 in interface inside

route inside 1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Dileep Sivadas ... Thu, 01/21/2010 - 23:54
User Badges:


Create a NAT exemption rule for your VPN traffic.

access-list non-nat-inside extended permit ip

nat (inside) 0 access-list non-nat-inside



This Discussion