10-07-2013 11:53 PM - edited 02-21-2020 07:12 PM
This is my scenario.
Software Version 7.2(1)
I have enabled VPN in the outside Interface. The IPSec Client Pool is in the range 192.168.98.150-192.168.98.175.
The Clients are unable to ping any IP in the "inside" LAN but at the same time they are able to access the devices in the Local LAN using HTTP,HTTPS,SSH & TELNET.
CASE 1:
access-list NONAT extended permit ip any 192.168.98.0 255.255.255.0
NAT(inside) 0 access-list NONAT
I get the following log "portmap translation creation failed for icmp src outside"
CASE 2:
If I add a static (outside,inside) 192.168.98.0 192.168.98.0 netmask 255.255.255.0
I am able to Ping and the Problem is resolved.
Could anyone please explain me this behaviour?
Solved! Go to Solution.
10-08-2013 03:49 AM
Hi,
So it was matching a "nat" configurations on the "outside" interface which had no matching "global" configuration for the destination interface (probably inside) that caused the problems and produced the "portmap" error.
Please do remember to mark a reply as the correct answer if it answered your question or rate helpfull answers
- Jouni
10-07-2013 11:57 PM
Hi,
Can you share your output of
show run nat
and you could also take a "packet-tracer" output while the VPN Client connetion is logged in and use the clients IP in the below command
packet-tracer input outside icmp
- Jouni
10-08-2013 12:15 AM
Just figured there was an "icmp any any" in the nat(outside) 1 access-list INTACC.
I removed this entry along with the static NAT entry. Things just started pinging!!!!
10-08-2013 03:49 AM
Hi,
So it was matching a "nat" configurations on the "outside" interface which had no matching "global" configuration for the destination interface (probably inside) that caused the problems and produced the "portmap" error.
Please do remember to mark a reply as the correct answer if it answered your question or rate helpfull answers
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide