NAT ISSUE HELP !!

Unanswered Question
Feb 5th, 2003
User Badges:

Hi ,

I have got a nat problem I believe ;I am a novice hence this query .

Ok issue is VPN client cant access internal network .Vpn Client connects ok .

Some error messages on pix console when i try and ping inside network are .

No translation group found for udp src outside:100.100.25.100/137 dst inside:100.100.1.98/137

No translation group found for udp src outside:100.100.25.100/137 dst inside:100.100.1.98/137





Network Config

Inside Network 100.100.1.XXX

OutSide Network say 40.40.204.xxx


PIX VPN INSIDE 100.100.1.4

PIX VPN OUTSIDE 40.40.204.4

default border router 40.40.204.1

access-list 90 permit ip 100.0.0.0 255.255.255.0 100.100.25.0 255.255.255.0 (hitcnt=0)

nat (inside) 0 access-list 90


Now the Inside network has a gateway to a router 100.100.1.251

whose config is


interface Ethernet0/0

ip address 100.100.1.251 255.255.255.0

ip access-group 102 in

ip nat inside


interface Ethernet0/1

ip address 40.40.204.23 255.255.255.0

ip access-group 101 in

ip nat outside

ip nat pool ovrld 40.40.204.240 40.40.204.240 netmask 255.255.255.0

ip nat inside source list 7 pool ovrld overload

ip classless

ip route 0.0.0.0 0.0.0.0 40.40204.1

ip route 100.100.0.0 255.255.0.0 100.100.1.254

!

access-list 7 permit 100.100.0.0 0.0.255.255

access-list 101 permit ip any any

access-list 102 permit icmp any any echo

access-list 102 permit ip 100.0.0.0 0.255.255.255 100.0.0.0 0.255.255.255

access-list 102 permit ip any 40.40.204.0 0.0.0.255

access-list 102 deny ip any any



Inside Pool given to road warrior using l2tp ipsec win2k client 100.100.25.10 -100.100.25.20

regards

Raj .





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
awaheed Wed, 02/05/2003 - 12:41
User Badges:
  • Cisco Employee,

Hi Raj,


This log appears when a NAT and global command cannot be found for a protocol. The protocol can be TCP, UDP, or ICMP, kindly check your Statics/Globals as they maybe causing this.


Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933


-=-=-=-


Actions

This Discussion