I am a little bit confused about the way to configure a Site-to-Site VPN:
The local net 10.10.1.0/24 is connected to PIX-A and local net 172.16.1.0/24 is connected to PIX-B. PIX-A and PIX-B are connected via a VPN tunnel. There will be no NAT for traffic passing the tunnel (nat 0).
When I telnet from 10.10.1.12 to 172.16.1.123, the ISAKMP SA and IPSec SA get in place, but telnet does not work.
PIX is logging <no translation group found for source: 10.10.1.12 destination 172.16.1.123>.
Therefore, I have configured <static (inside, outside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0>. Now I am able to connect to 172.16.1.123.
This configuration is driving me mad. I thought there is no need for static nat and access-lists with VPN tunnels.
Is it possible to paste both A & B's configs in here? Please x-out all of your sensitive information. This will help out a lot. Specifically all the statics and the ACLs... but the entire config will do.
% PIX-3-305005: No translation group found for protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port
Explanation: A packet does not match any of the outbound nat rules.
Action: This message signals a configuration error. If dynamic NAT is desired for the source host, ensure that the nat command matches the source IP address. If static NAT is desired for the source host, ensure that the local IP address of the static command matches. If no NAT is desired for the source host, check the access-list bound to the nat 0 access-list.
The way I do it is to exclude the remote IP range from NAT translation, and remember you need to allow the traffic from your LAN to access the remote machines in your ACL applied to the internal interface.