Solved: Re: ASA Site-to-Site translation problem

lubosbella · ‎05-09-2011

Hi,

i want to ask how to solve this problem:

On site A is ASA5520 (v7.2) with:
Inside interface
Outside interface

On site B is ASA5520 (v8.2) with:
Inside interface
Outside interface
DMZ interface

There is a L2L IPSec tunnel between ASAs network - tunnel is up and work correct from Inside ASA A networks to Inside ASA B networks.
-----------------
I can do a ping from server (172.25.106.221) on Inside inerface of ASA A to server(192.168.1.5) on Inside Interface of ASA B.

But i can`t do a ping from server (172.25.106.221) on Inside inerface of ASA A to server(192.168.0.31) on DMZ Interface of ASA B with a reason in logs of ASA B: %ASA-3-305005: No translation group found for icmp src Outside:172.25.106.221 dst DMZ:192.168.0.31 (type 8, code 0)

Probably is there a problem with static translation on ASA B, so im searching how to solve that issue.

I posted configuration files (I omitted some line in configuration unnecessary to solve for this problem, i think).

Many thanks for help.

Mohammad Abazeed · ‎05-09-2011

Hey there,

Checked the config and i noticed it was missing a nonat from the DMZ, there is one for the inside alright.

:so can you add the following command to the ASA B

nat (DMZ) 0 access-list ACL_NONAT

let me know how that goes, if it helped you can mark this one as answered then

Cheers,

Mo

View solution in original post

Mohammad Abazeed · ‎05-09-2011