Results 1 to 5 of 5

Thread: VPN with PIX (IPSEC)

  1. #1
    Ann Tone
    Guest

    VPN with PIX (IPSEC)

    Hello All,

    I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
    things. When establishing a tunnel, everything goes fine but the VPN machine
    isn't able to ping anything inside. The log is showing something like

    305005: No translation group found for icmp src outside:192.168.10.2 dst
    inside:192.168.2.11 (type 8, code 0)

    whereby 192.168.10.2 is the VPN IP address.

    What's going wrong here ? Do I need nat/global or static entry for the VPNed
    network, especially given that they seem to be on the outside interface ?
    Many thanks for your help in advance !

    Best wishes


  2. #2
    Jean Figueiredo
    Guest

    Re: VPN with PIX (IPSEC)

    Ann Tone wrote:
    > Hello All,
    >
    > I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
    > things. When establishing a tunnel, everything goes fine but the VPN
    > machine
    > isn't able to ping anything inside. The log is showing something like
    >
    > 305005: No translation group found for icmp src outside:192.168.10.2 dst
    > inside:192.168.2.11 (type 8, code 0)
    >
    > whereby 192.168.10.2 is the VPN IP address.
    >
    > What's going wrong here ? Do I need nat/global or static entry for the
    > VPNed
    > network, especially given that they seem to be on the outside interface ?
    > Many thanks for your help in advance !
    >
    > Best wishes
    >

    hi

    u need no nat in the interface outside and maybe routing.


    cheers

  3. #3
    Marco Benton
    Guest

    Re: VPN with PIX (IPSEC)

    Ann Tone wrote:
    > Hello All,
    >
    > I have a PIX 515 that's configured as a VPN IPSEC provider, amongst other
    > things. When establishing a tunnel, everything goes fine but the VPN
    > machine
    > isn't able to ping anything inside. The log is showing something like
    >
    > 305005: No translation group found for icmp src outside:192.168.10.2 dst
    > inside:192.168.2.11 (type 8, code 0)
    >
    > whereby 192.168.10.2 is the VPN IP address.
    >
    > What's going wrong here ? Do I need nat/global or static entry for the
    > VPNed
    > network, especially given that they seem to be on the outside interface ?
    > Many thanks for your help in advance !
    >
    > Best wishes
    >


    yes, you need a nat 0 and create an access-list for what you dont want
    to be translated to the outside address when traversing VPN.

    a static will work as well.



  4. #4
    editor@cellmail.com
    Guest

    PIX 515E-R (v6.3.3)


    Hi:

    Is the PIX 515E-R firewall still a reasonable choice as a stateful
    firewall? I know it is a discontinued item from Cisco but from what
    I have read from old reviews, it was a very good when it came out.

    Any comments would be useful.

    Thanks
    - Kevin

  5. #5
    Newbie72
    Guest

    Re: PIX 515E-R (v6.3.3)

    On Nov 12, 6:16*pm, edi...@cellmail.com wrote:
    > Hi:
    >
    > Is the PIX 515E-R firewall still a reasonable choice as a stateful
    > firewall? I know it is a discontinued item from Cisco but from what
    > I have read from old reviews, it was a very good when it came out.
    >
    > Any comments would be useful.
    >
    > Thanks
    > *- Kevin


    Absolutely! The downside is cisco is no longer making software. Just
    keep an eye out for vulnerabilities in your version and determine if
    their risk is to high. Then when you have the budget for an ASA pick
    it up

Similar Threads

  1. Pix 501 vpn
    By MVolders in forum Networking Forum
    Replies: 0
    Last Post: 09-26-08, 01:22 PM
  2. pix 501 vpn
    By jcovay in forum Network Security
    Replies: 1
    Last Post: 07-29-08, 10:31 AM
  3. PIX 506e + 2Wire 2700 + Cisco VPN Client
    By myheadhurts in forum Network Security
    Replies: 1
    Last Post: 07-03-08, 11:20 AM
  4. Replies: 1
    Last Post: 10-09-07, 11:39 AM
  5. VPN client using IPSec not working - could it be the cable modem?
    By metropole in forum Wireless Networks & Routers
    Replies: 2
    Last Post: 02-05-07, 09:06 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •