Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

translations and RA-VPNs

I have a 515 that we have an access vpn to. We recently swapped it out with a 7.11 pix (it had been 6.3(4) and the vpn config didnt seem to work correctly when we pasted it into the new fw.

I have resolved part of the problem but now I am seeing xlate errors in the logs for VPN traffic.

Apr 4 14:07:35 10.205.52.1 %PIX-3-305005: No translation group found for tcp src outside:172.30.20.11/4300 dst inside:172.17.22.2/2002

In previous versions I did not but in 7.11 do I have to have statics for the internal hosts being accessed via the RA-VPN?

This doesnt make sense to me.....but a no xlate is a no xlate right?

1 REPLY
Bronze

Re: translations and RA-VPNs

Yes you need to have a static statement for the RA-VPN hosts to connect to Inside hosts. The nat statement will create only a temproary translation, so u need a static staement.

96
Views
0
Helpful
1
Replies
CreatePlease login to create content