I have two interfaces that I am trying to communicate. VPNaccess is security level 100 and DMZ-50 is a SL50. Default rules. Below are the NATs currently in place. When I try to ping 172.16.50.21 I get the following 305005 No translation group for icmp src VPNaccess:CyndiWS dst DMZ-50:syslog1.
when I try to ping 10.11.2.121 - nothing
TAC told me to put in 'static (VPNaccess,DMZ-50) 10.0.0.0 10.0.0.0'
that didn't work either.
description vpn access for technicians
ip address 10.11.2.111 255.255.255.0
description Logging servers
ip address 172.16.50.1 255.255.255.0
name 172.16.50.21 syslog1
name 10.31.103.86 CyndiWS
global (outside) 15 66.x.x.190 netmask 255.255.255.255
global (inside) 5 172.16.11.190 netmask 255.255.255.255
global (VPNaccess) 10 10.11.2.120 netmask 255.255.255.255
global (DMZ-50) 20 172.16.50.2 netmask 255.255.255.255
Make sure 10.11.2.121 is not used by any machine in vpnaccess interface. 10.11.2.121 has to be a free public IP address, otherwise when you try to ping 10.11.2.121, the packets may go to the actual machine rather than going to the PIX.
If if it is indeed a free IP address, then do "debug icmp trace" or collect syslogs as you try to ping 10.11.2.121 and see if the ICMP requests are even reaching the PIX or not.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :