cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
302
Views
0
Helpful
2
Replies

NAT Client VPN Traffic to subnet not directly connected to firewall

exonetinf1nity
Level 1
Level 1

Greetings, i have the following setup.

Cisco ASA 5510

Outside Address: xxx.xxx.xxx.xxx

Inside Address 172.16.2.1

Cisco 3750

IP Address 172.16.2.2

Behind the 3750 i have multiple networks that i cant reach when connected via a remote access vpn connection, i have checked that they are in the split tunnel acl and also exempt from NAT.

When connected i can ping the switch on 172.16.2.2 which is on the same subnet as the ASA but nothing further than that, for example a call manager on 172.16.1.60.

Im getting the "no translation group found" message of which im aware of, is there something silly that im missing here?

Edit: Fixed with an identiy NAT statement, one issue though, i need to nat an outside address to this one for management purposes but i believe the two cant co-exist is there a way arround this?

Edit: Fixed by static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 at the end of the NAT list whilst leaving the existing statics higher up the list.

Regards

2 Replies 2

John Blakley
VIP Alumni
VIP Alumni

Do you have route inside statements on your ASA that points to these networks? And do you have static routes that point to your VPN clients on the 3750?

HTH,

John

HTH, John *** Please rate all useful posts ***

Thank you for your reply, yes i have static routes configured on the ASA for the inside networks that sit behind the 3750, there is also a default static on the 3750 pointing to the inside interface of the ASA. All hosts connected to the 3750 use it as there default gateway.

Regards

Review Cisco Networking for a $25 gift card