Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access to inside hosts for VPN users

I have isakmp enabled on my outside interface, and a NAT pool for VPN clients of When making a vpn connection, I see the following event log when trying to initiate traffic:

%PIX-3-305005: No translation group found for udp src outside: dst inside:

Am i supposed to set NAT up for the VPN Pool? I've tried nat (outside) with the outside keyword, but everytime I do, it removes the ability of NAT in the other direction, inside to outside. So it give me connection one way for the VPN users, but return traffic doesn't get through because it doesn't get natd.

I dont' understand how without NAT the VPN hosts will be able to access resources on my LAN without removing the ablity of the LAN users to access the Internet.

Thank you,


Cisco Employee

Re: Access to inside hosts for VPN users


The nonat ACL should include your NAT pool for VPN clients. No outside keyword is needed.

Check out

access-list 102 permit ip

access-list 102 permit ip

ip address outside

ip address inside

ip local pool vpnpool1

nat (inside) 0 access-list 102

Hope this helps! If so, please rate.


New Member

Re: Access to inside hosts for VPN users

awesome, it works. Thank you very much.

CreatePlease login to create content