12-20-2009 12:11 PM
Dear, I have the following problem:
ClientVPN ASA --- ---- --- Internet --ASA--VLAN1(192.168.1.0/24)
| - VLAN2
| - VLAN3
VPN= 192.168.10.0/24
When creating the VPN connection with the wizard, with the list of networks for the tunnel,
it does not connect and displays the following message:
No translation group found for tcp src outside:192.168.10.2/48257 dst 192.168.1.2/80
This message is the same one it throws when one tries to communicate between VLANs on the ASA;
for that reason I created the following rules:
static (outside,VLAN1) 192.168.10.0 192.168.10.0 255.255.255.0
static (VLAN1,outside) 192.168.1.0 192.168.1.0 255.255.255.0
These allow communication between the VPN and VLAN1, but I lose Internet
access from VLAN1. Please help.
12-21-2009 11:27 AM
Julio,
You need to add NAT exemption from your internal VLANs towards your VPN address pool, something like this:
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat
This will allow communication from inside 192.168.1.0/24 to the VPN client. You would need to add the remaining lines for the remaining VLANs and apply them on the needed VLANs if they are on different interfaces, of course.
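Added example (not part of the original thread, and not Cisco tooling): a Python check that reads ASA lines in the form used in the answer above and reports which internal interfaces still have no NAT exemption toward the VPN pool. The sample configuration, the `nonat2` ACL name, and the VLAN2/VLAN3 subnets are constructed assumptions; the thread only gives VLAN1 and the pool.

```python
import ipaddress
import re

# Only "permit ip <net> <mask> <net> <mask>" entries are parsed
# (no any/host/object-group forms).
ACL_RE = re.compile(r"^access-list (\S+)(?: extended)? permit ip "
                    r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")

# Constructed sample: interface names follow the thread's diagram; the
# VLAN2/VLAN3 subnets are assumptions (the thread does not state them).
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat2 permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (VLAN1) 0 access-list nonat
"""
INTERNAL = {"VLAN1": "192.168.1.0/24", "VLAN2": "192.168.2.0/24",
            "VLAN3": "192.168.3.0/24"}

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return ({acl: [(src_net, dst_net), ...]}, {interface: acl})."""
    acls, nat0 = {}, {}
    for line in (l.strip() for l in config.splitlines()):
        m = ACL_RE.match(line)
        if m:
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append((_net(s, sm), _net(d, dm)))
            continue
        m = NAT0_RE.match(line)
        if m:
            nat0[m.group(1)] = m.group(2)
    return acls, nat0

def missing_exemptions(config, internal, vpn_pool):
    """Interfaces whose subnet has no bound NAT-exempt entry toward vpn_pool."""
    acls, nat0 = parse(config)
    pool = ipaddress.ip_network(vpn_pool)
    missing = []
    for ifname, subnet in internal.items():
        net = ipaddress.ip_network(subnet)
        # An ACL only exempts traffic if "nat (<if>) 0" binds it to the interface.
        entries = acls.get(nat0.get(ifname), [])
        if not any(net.subnet_of(s) and pool.subnet_of(d) for s, d in entries):
            missing.append(ifname)
    return missing

if __name__ == "__main__":
    print(missing_exemptions(SAMPLE_CONFIG, INTERNAL, "192.168.10.0/24"))
```

In the sample, VLAN2 is reported even though an ACL entry exists for it, because no `nat (VLAN2) 0 access-list` line applies that ACL to the interface.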