I have established an IPSec VPN between an ASA 5510 and a McAfee firewall. The IPSec tunnel is up and we are able to reach the destination through ICMP as well. When we try to telnet on port 1521, we are able to establish a session but not able to access the application. Please find the attached ASA firewall log for reference.
Hi Satish, it seems that NAT-Control is enabled on your ASA.
What the error message "No translation group found for tcp src internet:10.10.53.67/11226 dst manage:192.168.3.25/1528" means is that you do not have a NAT rule for traffic coming from 10.10.53.67 going to the manage host, and you need to have one.
Here is the official Cisco documentation for that error; perhaps it can make things clearer.
Error Message %PIX|ASA-3-305005: No translation group found for protocol src interface_name: source_address/source_port dst interface_name: dest_address/dest_port
A packet does not match any of the outbound nat command rules. If NAT is not configured for the specified source and destination systems, the message will be generated frequently. This message indicates a configuration error.
If dynamic NAT is desired for the source host, ensure that the nat command matches the source IP address. If static NAT is desired for the source host, ensure that the local IP address of the static command matches. If no NAT is desired for the source host, check the ACL bound to the NAT 0 ACL.
What is going on exactly is that the ASA ACL allows the traffic to come in, but when the packet is processed the ASA does not find a NAT that matches that specific traffic; therefore the traffic gets dropped and you get that error message. So, to allow traffic to pass through the ASA firewall, you can either add a NAT rule, for example: static (inside,outside) ; or you can disable nat-control.
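A small triage helper for the message discussed in this thread, added here as an example and not part of the original posts or of Cisco's documentation: it parses 305005 lines and groups them by flow, so each distinct source/destination pair that still needs a NAT or NAT-exemption rule is listed once with a hit count. The function name, the regex and the sample log lines (timestamps included) are constructed for illustration; the first flow reuses the addresses quoted above.

```python
import re
from collections import Counter

# Body of syslog message 305005 as given in the documentation quoted above.
# "\s*" after the interface name accepts both "iface:addr" and "iface: addr".
MSG_305005 = re.compile(
    r"%(?:PIX|ASA)-3-305005: No translation group found for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):\s*(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):\s*(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)"
)

def missing_nat_flows(lines):
    """Return (Counter of flows lacking a NAT match, count of unparsable 305005 lines)."""
    flows, unparsed = Counter(), 0
    for line in lines:
        if "305005" not in line:
            continue  # some other syslog message
        m = MSG_305005.search(line)
        if m is None:
            unparsed += 1  # e.g. a line truncated by the log transport
            continue
        # Ignore the ephemeral source port so retries collapse into one flow.
        key = (m["proto"], m["src_if"], m["src_ip"],
               m["dst_if"], m["dst_ip"], int(m["dst_port"]))
        flows[key] += 1
    return flows, unparsed

# Constructed sample input: two retries of the flow from the thread, one
# unrelated line, one other flow, and one truncated 305005 line.
SAMPLE_LOG = [
    "Jan 01 10:00:01 %ASA-3-305005: No translation group found for tcp src internet:10.10.53.67/11226 dst manage:192.168.3.25/1528",
    "Jan 01 10:00:04 %ASA-3-305005: No translation group found for tcp src internet:10.10.53.67/11227 dst manage:192.168.3.25/1528",
    "Jan 01 10:00:09 unrelated line (constructed)",
    "Jan 01 10:00:12 %ASA-3-305005: No translation group found for udp src internet:10.10.53.70/5000 dst manage:192.168.3.26/161",
    "Jan 01 10:00:15 %ASA-3-305005: No translation group found for tcp src internet:10.10.53.67/11",
]

if __name__ == "__main__":
    flows, unparsed = missing_nat_flows(SAMPLE_LOG)
    for (proto, s_if, s_ip, d_if, d_ip, d_port), hits in flows.most_common():
        print(f"{hits:3d}x {proto} {s_if}:{s_ip} -> {d_if}:{d_ip}/{d_port}")
    print(f"unparsed 305005 lines: {unparsed}")
```

Each line of output corresponds to one flow that the ACL admitted but for which no NAT rule matched, which is the list to review when deciding between adding a translation and exempting the traffic.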