Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

NAT Client VPN Traffic to subnet not directly connected to firewall

Greetings, i have the following setup.

Cisco ASA 5510

Outside Address:

Inside Address

Cisco 3750

IP Address

Behind the 3750 i have multiple networks that i cant reach when connected via a remote access vpn connection, i have checked that they are in the split tunnel acl and also exempt from NAT.

When connected i can ping the switch on which is on the same subnet as the ASA but nothing further than that, for example a call manager on

Im getting the "no translation group found" message of which im aware of, is there something silly that im missing here?

Edit: Fixed with an identiy NAT statement, one issue though, i need to nat an outside address to this one for management purposes but i believe the two cant co-exist is there a way arround this?

Edit: Fixed by static (inside,outside) netmask at the end of the NAT list whilst leaving the existing statics higher up the list.



Re: NAT Client VPN Traffic to subnet not directly connected to f

Do you have route inside statements on your ASA that points to these networks? And do you have static routes that point to your VPN clients on the 3750?



HTH, John *** Please rate all useful posts ***
New Member

Re: NAT Client VPN Traffic to subnet not directly connected to f

Thank you for your reply, yes i have static routes configured on the ASA for the inside networks that sit behind the 3750, there is also a default static on the 3750 pointing to the inside interface of the ASA. All hosts connected to the 3750 use it as there default gateway.


CreatePlease to create content