but when try ping from 192.168.148.0 255.255.255.252 subnet to all ip's on the 10.210.0.0/16 we are getting successfull ping reply but not for the 10.210.12.25
when i check the log it says
%PIX-3-305005: No translation group found for icmp src outside:192.168.150.231 dst DMZ:10.210.12.25 (type 8, code 0)
Are you sure you are pinging from 192.168.148.0 network? the firewall message is saying you are pinging from 192.168.150.x for which there is no reference in your nonat acl rule. One would expect to see in your nonat exempt rule in addition to what you already have for 192.168.148.0/30 soomething as:
access-list 110 extended permit ip 10.210.0.0 255.255.0.0 192.168.150.X
Check that ,if no joy could you post a brief topology description of what networks from the other side of the tunnel is to have access your DZM network.
I agree about making sure your source IP falls within the encryption domain and nonat acl. Looking over your config, if your source IP comes from 192.168.148.0/30 there's no reason it shouldn't work. You may want to make sure there isn't some sort of policy NAT or PAT configured to use 192.168.150.231 on the other end when sending traffic to 10.210.12.25. Check out the no-nat ACL's on the other end as well.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :