02-28-2007 07:26 AM
Hello, I'm trying to set up a site-to-site VPN between our Pix515 (running 6.3) and a third party's eFinity device (running Linux). I've followed the VPN wizard in PDM but when they try to ping one of our servers, they get error 'No translation group found for icmp src outside:62.69.58.233 dst inside:128.31.2.1'.
Their LAN is 194.201.29.0/24 and firewall address is 62.69.58.233. Our LAN is 128.31.0.0/16, firewall address is 194.70.27.46.
Any help is greatly appreciated.
Rex
02-28-2007 07:35 AM
62.69.58.233 is not defined as interesting traffic on your PIX. This address would need to be added to access-list outside_cryptomap_40 as well as your no nat ACL. Also, are you pinging from the outside address of the remote firewall, or from a client inside who is NATing to the outside firewall address? If you want to see inside clients from their inside address (which is how your interesting traffic is written), they need to no nat on the remote side.
Also, clean up your config before you post (passwords, etc.).
02-28-2007 07:46 AM
Thanks for the response. I'll look at the access lists. The pinging is coming from a server on their LAN (outside) to a server on ours.
02-28-2007 07:49 AM
According to your log message, the source is 62.69.58.233, not 194.201.29.x, which means it is being NATed. You would not have to add 62.69.58.233 to your ACL if they did a no nat from their inside LAN to yours.
02-28-2007 07:59 AM
Cheers. I've spoken to the guys who manage their firewall who will look into it. Presumably I'll be OK to add the relevant rules to our firewall (as you originally suggested) if there's a problem with them doing no nat?
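The check discussed in this thread, as an added example that is not part of any post: it parses the log message quoted in the first post and tests the packet against the mirrored interesting-traffic selector. The ACL entry is an assumption constructed from the two LANs stated in the first post (the real config is not shown here); only the ACL name comes from the thread.

```python
import ipaddress
import re

# Constructed from the LANs given in the thread; the real ACL was not posted.
CRYPTO_ACL = [
    "access-list outside_cryptomap_40 permit ip "
    "128.31.0.0 255.255.0.0 194.201.29.0 255.255.255.0",
]
# Log text quoted in the first post.
LOG = ("No translation group found for icmp src outside:62.69.58.233 "
       "dst inside:128.31.2.1")

ACL_RE = re.compile(
    r"access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
LOG_RE = re.compile(r"src\s+\w+:([\d.]+)\s+dst\s+\w+:([\d.]+)")


def parse_acl(lines):
    """Return (name, local_net, remote_net) per 'permit ip net mask net mask' line."""
    entries = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # 'host', 'any' and port forms are not handled here
        name, l_ip, l_mask, r_ip, r_mask = m.groups()
        entries.append((name,
                        ipaddress.ip_network(f"{l_ip}/{l_mask}"),
                        ipaddress.ip_network(f"{r_ip}/{r_mask}")))
    return entries


def diagnose(log_line, acl_lines):
    """Test an inbound packet against the mirrored crypto ACL (remote -> local)."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("no src/dst pair in log line")
    src, dst = (ipaddress.ip_address(a) for a in m.groups())
    near = None  # first entry whose local side matches but remote side does not
    for name, local, remote in parse_acl(acl_lines):
        if dst in local and src in remote:
            return f"match {name}: {src} -> {dst} is interesting traffic"
        if dst in local and near is None:
            near = (name, remote)
    if near:
        return (f"no match in {near[0]}: source {src} is outside {near[1]}, "
                f"consistent with the peer NATing its LAN before the tunnel")
    return f"no match: {dst} is not in any local network of the crypto ACL"


if __name__ == "__main__":
    print(diagnose(LOG, CRYPTO_ACL))
```
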