Cisco Support Community
New Member

Access to inside hosts for VPN users

I have isakmp enabled on my outside interface, and a NAT pool for VPN clients of 10.1.100.100-254. When making a VPN connection, I see the following event log when trying to initiate traffic:

%PIX-3-305005: No translation group found for udp src outside:10.1.100.100/137 dst inside:10.255.255.255/137

Am I supposed to set NAT up for the VPN Pool? I've tried nat (outside) with the outside keyword, but every time I do, it removes the ability of NAT in the other direction, inside to outside. So it gives me connection one way for the VPN users, but return traffic doesn't get through because it doesn't get NAT'd.

I don't understand how without NAT the VPN hosts will be able to access resources on my LAN without removing the ability of the LAN users to access the Internet.

Thank you,

Bill

2 REPLIES
Cisco Employee

Re: Access to inside hosts for VPN users

Bill,

The nonat ACL should include your NAT pool for VPN clients. No outside keyword is needed.

Check out

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

access-list 102 permit ip 10.10.10.0 255.255.255.0 10.10.8.0 255.255.255.0

access-list 102 permit ip 10.10.11.0 255.255.255.0 10.10.8.0 255.255.255.0

ip address outside 172.16.10.1 255.255.255.0

ip address inside 10.10.10.2 255.255.255.0

ip local pool vpnpool1 10.10.8.1-10.10.8.254

nat (inside) 0 access-list 102

Hope this helps! If so, please rate.

Thanks
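
An offline check for the point made in the reply above, added here as an example (it is not part of the original thread or of Cisco's documentation): it parses PIX-style configuration text and reports any "ip local pool" range that is not covered as a destination by the ACL bound to "nat (...) 0". The function name uncovered_pools and the regular expressions are assumptions of this example, and only the "network mask" ACL form shown in the reply is handled.

```python
import ipaddress
import re

# Constructed sample: the configuration lines quoted in the reply above.
SAMPLE_CONFIG = """\
access-list 102 permit ip 10.10.10.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list 102 permit ip 10.10.11.0 255.255.255.0 10.10.8.0 255.255.255.0
ip address outside 172.16.10.1 255.255.255.0
ip address inside 10.10.10.2 255.255.255.0
ip local pool vpnpool1 10.10.8.1-10.10.8.254
nat (inside) 0 access-list 102
"""

# Only "permit ip <net> <mask> <net> <mask>" entries are parsed; other
# ACL forms (for example "any" or "host") are ignored by this example.
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def uncovered_pools(config: str) -> dict:
    """Return {pool_name: reason} for each VPN pool the nonat ACL misses."""
    acls, pools, nonat = {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, _src, _smask, dst, dmask = m.groups()
            net = ipaddress.ip_network(f"{dst}/{dmask}", strict=False)
            acls.setdefault(name, []).append(net)
        elif m := POOL_RE.match(line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
        elif m := NAT0_RE.match(line):
            nonat.add(m.group(2))
    # Destination networks of every ACL referenced by a "nat (...) 0" line.
    exempt = [net for name in nonat for net in acls.get(name, [])]
    problems = {}
    for name, (first, last) in pools.items():
        if not exempt:
            problems[name] = "no NAT exemption ACL is configured"
        elif not any(first in net and last in net for net in exempt):
            problems[name] = f"{first}-{last} is not a nonat ACL destination"
    return problems


if __name__ == "__main__":
    print(uncovered_pools(SAMPLE_CONFIG) or "all VPN pools are NAT-exempt")
```

An empty result means every pool is exempted from NAT; a pool that appears in the result is one whose traffic would hit the "No translation group found" condition from the question.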

New Member

Re: Access to inside hosts for VPN users

Awesome, it works. Thank you very much.
