05-09-2011 11:45 AM
Hi,
i want to ask how to solve this problem:
On site A is ASA5520 (v7.2) with:
Inside interface
Outside interface
On site B is ASA5520 (v8.2) with:
Inside interface
Outside interface
DMZ interface
There is a L2L IPSec tunnel between ASAs network - tunnel is up and work correct from Inside ASA A networks to Inside ASA B networks.
-----------------
I can do a ping from server (172.25.106.221) on Inside inerface of ASA A to server(192.168.1.5) on Inside Interface of ASA B.
But i can`t do a ping from server (172.25.106.221) on Inside inerface of ASA A to server(192.168.0.31) on DMZ Interface of ASA B with a reason in logs of ASA B: %ASA-3-305005: No translation group found for icmp src Outside:172.25.106.221 dst DMZ:192.168.0.31 (type 8, code 0)
Probably is there a problem with static translation on ASA B, so im searching how to solve that issue.
I posted configuration files (I omitted some line in configuration unnecessary to solve for this problem, i think).
Many thanks for help.
Solved! Go to Solution.
05-09-2011 01:24 PM
Hey there,
Checked the config and i noticed it was missing a nonat from the DMZ, there is one for the inside alright.
:so can you add the following command to the ASA B
nat (DMZ) 0 access-list ACL_NONAT
let me know how that goes, if it helped you can mark this one as answered then
Cheers,
Mo
05-09-2011 01:24 PM
Hey there,
Checked the config and i noticed it was missing a nonat from the DMZ, there is one for the inside alright.
:so can you add the following command to the ASA B
nat (DMZ) 0 access-list ACL_NONAT
let me know how that goes, if it helped you can mark this one as answered then
Cheers,
Mo
05-10-2011 01:58 AM
You have right :) I forgot to "nonating" DMZ networks.
Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide