Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

"No translation group found"

I have an ASA 5540, running 8.0 software.

Interface "IN" (security level 100) has subnet 192.168.1.0/27 directly connected

Interface "OUT" (security level 100) has a route to 192.168.0.0/16.

Interface VPN (Security level 50) is for VPN clients to connect into. VPN Clients are issued addresses from a pool of 10.0.1.0/24

I want the ASA to NAT all requests from any VPN client going out *either* IN or OUT interfaces.

The ASA appears to be NATing traffic going out the IN interface, but not the OUT interface. Syslog shows the message:

No translation group found for tcp src VPN:10.0.1.x/y dst OUT:192.168.2.1/23

My NAT commands are:

nat-control

global (IN) 1 interface

global (OUT) 1 interface

nat (VPN) 0 access-list VPN_nat0_outbound

nat (VPN) 0 access-list VPN_nat0_outbound_1 outside

nat (VPN) 1 10.0.1.0 255.255.255.0 outside

nat (VPN) 0 access-list IN_nat0_outbound

What am I doing wrong ?

Thanks,

GTG

Please rate all helpful posts.
1 REPLY

Re: "No translation group found"

Post the rest of your config, remove any sensitive info.

121
Views
0
Helpful
1
Replies