Cisco Support Community
New Member

No translation group found

Hello, I'm trying to set up a site-to-site VPN between our Pix515 (running 6.3) and a third party's eFinity device (running Linux). I've followed the VPN wizard in PDM but when they try to ping one of our servers, they get error 'No translation group found for icmp src outside:62.69.58.233 dst inside:128.31.2.1'.

Their LAN is 194.201.29.0/24 and firewall address is 62.69.58.233. Our LAN is 128.31.0.0/16, firewall address is 194.70.27.46.

Any help is greatly appreciated.

Rex

4 REPLIES
Green

Re: No translation group found

62.69.58.233 is not defined as interesting traffic on your PIX. This address would need to be added to access-list outside_cryptomap_40 as well as your no nat ACL. Also, are you pinging from the outside address of the remote firewall, or from a client inside who is NATing to the outside firewall address? If you want to see inside clients from their inside address (which is how your interesting traffic is written), they need to no nat on the remote side.

Also, clean up your config before you post (passwords, etc.).

New Member

Re: No translation group found

Thanks for the response. I'll look at the access lists. The pinging is coming from a server on their LAN (outside) to a server on ours.

Green

Re: No translation group found

According to your log message, the source is 62.69.58.233, not 194.201.29.x, which means it is being NATed. You would not have to add 62.69.58.233 to your ACL if they did a no nat from their inside LAN to yours.
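The check described in the reply above, as an added example that is not part of the original thread: it parses the PIX message and compares the logged source with the tunnel definition to tell a remote-side NAT problem from a local one. The addresses come from the thread; the result labels, the `diagnose` helper and the assumption that the interesting traffic is exactly "their LAN to our LAN" are illustrative.

```python
import ipaddress
import re

# Addresses from the thread. Assumption: the crypto ACL (interesting traffic)
# is written as remote LAN <-> local LAN, as the replies describe.
LOCAL_LAN = ipaddress.ip_network("128.31.0.0/16")
REMOTE_LAN = ipaddress.ip_network("194.201.29.0/24")
REMOTE_PEER = ipaddress.ip_address("62.69.58.233")

# Matches the message quoted in the question; an optional /port is tolerated.
LOG_RE = re.compile(
    r"No translation group found for (?P<proto>\S+) "
    r"src (?P<src_if>\w+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>\w+):(?P<dst>[\d.]+)(?:/\d+)?"
)

def diagnose(log_line):
    """Classify a 'No translation group found' message against the tunnel."""
    m = LOG_RE.search(log_line)
    if m is None:
        return "not-a-translation-error"
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    if dst not in LOCAL_LAN:
        return "destination-outside-local-lan"
    if src in REMOTE_LAN:
        # Addresses fit the tunnel definition, so the local no-NAT ACL is suspect.
        return "check-local-nat-exemption"
    if src == REMOTE_PEER:
        # The peer's public address as source: the remote side translated the
        # packet before sending it, so it never matched the interesting traffic.
        return "remote-side-is-natting"
    return "source-not-in-interesting-traffic"

# First line is the message from the question; the second is constructed.
SAMPLES = [
    "No translation group found for icmp src outside:62.69.58.233 dst inside:128.31.2.1",
    "No translation group found for tcp src outside:194.201.29.10/1040 dst inside:128.31.2.1/80",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(diagnose(line), "<-", line)
```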

New Member

Re: No translation group found

Cheers. I've spoken to the guys who manage their firewall who will look into it. Presumably I'll be OK to add the relevant rules to our firewall (as you originally suggested) if there's a problem with them doing no nat?
