Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
1
Replies

"No translation group found"

Gordon Ross
Level 9
Level 9

‎10-07-2009 11:44 PM - edited ‎03-11-2019 09:24 AM

I have an ASA 5540, running 8.0 software.

Interface "IN" (security level 100) has subnet 192.168.1.0/27 directly connected

Interface "OUT" (security level 100) has a route to 192.168.0.0/16.

Interface VPN (Security level 50) is for VPN clients to connect into. VPN Clients are issued addresses from a pool of 10.0.1.0/24

I want the ASA to NAT all requests from any VPN client going out *either* IN or OUT interfaces.

The ASA appears to be NATing traffic going out the IN interface, but not the OUT interface. Syslog shows the message:

No translation group found for tcp src VPN:10.0.1.x/y dst OUT:192.168.2.1/23

My NAT commands are:

nat-control

global (IN) 1 interface

global (OUT) 1 interface

nat (VPN) 0 access-list VPN_nat0_outbound

nat (VPN) 0 access-list VPN_nat0_outbound_1 outside

nat (VPN) 1 10.0.1.0 255.255.255.0 outside

nat (VPN) 0 access-list IN_nat0_outbound

What am I doing wrong ?

Thanks,

GTG

Please rate all helpful posts.
Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎10-08-2009 01:10 AM

Post the rest of your config, remove any sensitive info.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card