10-21-2007 11:57 AM - last edited on 03-25-2019 05:38 PM by ciscomoderator
Hi,
We have a Cisco ASA Setup that is configured for VPN for Remote Access to our Internal Network.
Without any configuration change on the firewall, we have observed that even though the VPN gets connected, no active traffic passes through the VPN Tunnel.
We have observed from the logs that the firewall throws:
3 Oct 21 2007 22:50:54 305005 10.30.50.1 No translation group found for icmp src Outside:10.60.60.50 dst inside:10.30.50.1 (type 8, code 0)
We also tried configuring the NAT Exempt Rule which has not helped us in resolving this scenario.
Attached is the configuration of the firewall. Any help in this regard is highly appreciated.
Regards,
Sriharshaa Prabhakar
10-21-2007 02:03 PM
A few things that seem to get mixed up:
1) To your VPN clients you are assigning IPs that belong to internal LAN
Pool:
ip local pool vpn-add 10.30.50.200-10.30.50.225 mask 255.255.255.0
Assignment:
tunnel-group itmohesr general-attributes
address-pool vpn-add
That won't work, you probably intend to:
tunnel-group itmohesr general-attributes
address-pool mohesrpool
2) Split tunnel ACL that was done in ASDM looks a bit awkward to me:
split-tunnel-network-list value cisco_splitTunnelAcl
!
access-list cisco_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
It is not a problem of course, as I guess you want to disable VPN users from connecting to anything else when connected to VPN, but it will look a bit clearer if you use the usual extended ACL and just put ANY as destination. And why not put the netmask as it is configured on the interface, /24?
3) In current status it is still missing nat-exempt:
nat (inside) 0 access-list NONAT
access-list NONAT permit ip 10.30.50.0 255.255.255.0 10.60.60.0 255.255.255.0
Hope this helps,
Yuri
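An added example, not part of the original posts: a small Python check for the two misconfigurations discussed in this thread, a VPN address pool that sits inside the internal LAN and a missing NAT exemption from the inside network to the pool. The function name, the sample configs and the mohesrpool address range are assumptions, and the inside network is taken as 10.30.50.0/24.

```python
import ipaddress
import re

def audit_vpn_config(config, inside_net):
    """Return findings for each tunnel-group's address pool (syntax as in this thread)."""
    inside = ipaddress.ip_network(inside_net)
    pools, assigned, exempt_acls, acl_dests = {}, {}, set(), {}
    group = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"tunnel-group (\S+) general-attributes", line):
            group = m[1]
        elif group and (m := re.match(r"address-pool (\S+)", line)):
            assigned[group] = m[1]
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)", line):
            exempt_acls.add(m[1])
        elif m := re.match(r"access-list (\S+) (?:extended )?permit ip "
                           r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)", line):
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            if src.overlaps(inside):  # only rules whose source is the inside LAN
                dst = ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False)
                acl_dests.setdefault(m[1], []).append(dst)
    exempt = [n for acl in exempt_acls for n in acl_dests.get(acl, [])]
    findings = []
    for grp, name in assigned.items():
        if name not in pools:
            findings.append(f"{grp}: pool {name} is not defined")
            continue
        first, last = pools[name]
        if first in inside or last in inside:
            findings.append(f"{grp}: pool {name} overlaps inside network {inside}")
        elif not any(first in n and last in n for n in exempt):
            findings.append(f"{grp}: pool {name} has no NAT exemption from inside")
    return findings

# Constructed sample configs; the mohesrpool range is an assumption.
POOLS = """ip local pool vpn-add 10.30.50.200-10.30.50.225 mask 255.255.255.0
ip local pool mohesrpool 10.60.60.50-10.60.60.100 mask 255.255.255.0
tunnel-group itmohesr general-attributes
"""
NONAT = """nat (inside) 0 access-list NONAT
access-list NONAT permit ip 10.30.50.0 255.255.255.0 10.60.60.0 255.255.255.0
"""

if __name__ == "__main__":
    for cfg in (POOLS + " address-pool vpn-add\n",
                POOLS + " address-pool mohesrpool\n",
                POOLS + " address-pool mohesrpool\n" + NONAT):
        print(audit_vpn_config(cfg, "10.30.50.0/24"))
```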
10-21-2007 02:11 PM
Hi Yuri,
Thanks for the reply. I have sat and debugged the problem. I have also done the same change: instead of the standard ACL, I have configured an extended ACL, and the NAT0 is in place now with the correct configuration. Looks like someone has tried to change the config, which has affected the VPN services.
Now it's working fine. Again, thanks for your reply.
Regards,
Sriharshaa Prabhakar