PIX 515 8.03 L2TP/PPTP - No translation group found

 
 
luciogodoy
      05-17-2008
Hi All;

I have been trying to fix the "No translation group found" message for days now and I haven't been able to do so, hence my post.

I have a simple network with a PIX 515 running pixos 8.03, and I would like Win XP computers to connect from the Internet to a Web server hosted on the DMZ via a PPTP VPN connection.

I can successfully log in to the PIX from the Win XP, I am able to ping the interfaces (all 3 of them) but I am not able to ping or connect to the web server on port 80.

I keep on getting "No translation group found" messages, could somebody shed some light, please?

Many thanks

Lucio

#sh running
: Saved
:
PIX Version 8.0(3)
!
hostname gatekeeper
domain-name nonono.com
enable password dQ1mI8Vv4fqni3E5iu encrypted
names
name 192.168.1.100 WEB_SERVER
name 78.186.13.1 GATEWAY
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 78.186.13.92 255.255.240.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.1.254 255.255.255.0
!
passwd 2KFQnbNdfIdI.2KYa12OU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name nonono.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network MailHopRelayGroup
 description Mail Hop Relay Group
 network-object MailHopRelay02 255.255.255.0
 network-object MailHopRelay01 255.255.255.0
access-list ACLOUT extended permit tcp any host 78.186.13.95 eq www
access-list ACLOUT extended permit tcp any host 78.186.13.95 eq https
access-list ACLOUT extended permit tcp PublicHomeNetwork 255.255.255.0 host 78.186.13.95 eq ftp
access-list ACLOUT extended permit tcp PublicHomeNetwork 255.255.255.0 host 78.186.13.95 eq ftp-data
access-list ACLOUT extended permit tcp PublicHomeNetwork 255.255.255.0 host 78.186.13.95 eq ssh
access-list ACLOUT extended permit tcp PublicHomeNetwork 255.255.255.0 host 78.186.13.95 eq 10000
access-list ACLOUT extended permit tcp object-group MailHopRelayGroup host 78.186.13.95 eq smtp
access-list ACLOUT extended permit tcp PublicHomeNetwork 255.255.255.0 host 78.186.13.95 eq 3389
access-list http-list2 extended permit tcp any host 78.186.13.94
access-list http-list2 extended permit tcp any host 78.186.13.95
access-list dmz_access_in extended permit ip any any
access-list nonat extended permit ip 172.16.2.0 255.255.255.0 192.168.1.0 255.255.255.0 inactive
access-list 101 extended deny ip 172.16.2.0 255.255.255.0 any
access-list 101 extended permit ip any any
!
tcp-map mss-map
 exceed-mss allow
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool clientVPNpool 172.16.2.1-172.16.2.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (outside) 1 78.186.13.96 netmask 255.255.255.255
global (outside) 1 78.186.13.97 netmask 255.255.255.255
global (outside) 1 78.186.13.98 netmask 255.255.255.255
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 access-list 101 outside
nat (outside) 0 172.16.1.0 255.255.255.0
nat (outside) 0 192.168.1.0 255.255.255.0
nat (dmz) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp 78.186.13.95 www WEB_SERVER www netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 ftp WEB_SERVER ftp netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 ftp-data WEB_SERVER ftp-data netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 smtp WEB_SERVER smtp netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 ssh WEB_SERVER ssh netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 https WEB_SERVER https netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 3389 192.168.1.101 3389 netmask 255.255.255.255
static (dmz,outside) tcp 78.186.13.95 10000 WEB_SERVER 10000 netmask 255.255.255.255
access-group ACLOUT in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 GATEWAY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server vpn protocol radius
aaa-server vpn host 192.168.1.10
 key windows
http server enable
http PublicHomeNetwork 255.255.255.0 outside
http 192.168.1.0 255.255.255.0 dmz
http 172.16.1.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 5
dhcpd address 172.16.1.2-172.16.1.10 inside
dhcpd dns 78.186.13.51 interface inside
dhcpd wins GATEWAY interface inside
dhcpd domain nonono.com interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics
ntp server 78.186.13.101 source outside
ntp server 78.186.13.68 source outside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 78.186.13.51
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value nonono.com
username test password Mu2wwwHvbX9dfxenLqIVHNw2gY1A== nt-encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool clientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
policy-map http-map1
!
service-policy global_policy global
service-policy http-map1 interface outside
smtp-server 192.168.1.100
prompt hostname context


LOG Messages:
3 May 17 2008 18:06:40 305005 WEB_SERVER No translation group found for tcp src outside:172.16.2.1/1261 dst dmz:WEB_SERVER/80

3 May 17 2008 18:06:43 305005 WEB_SERVER No translation group found for tcp src outside:172.16.2.1/1261 dst dmz:WEB_SERVER/80

3 May 17 2008 18:06:49 305005 WEB_SERVER No translation group found for tcp src outside:172.16.2.1/1261 dst dmz:WEB_SERVER/80
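
Added example, not part of the original post and not a reply from the thread: with nat-control enabled, the posted configuration has no active "nat (dmz) 0 access-list" exemption between the server network and the VPN pool 172.16.2.0/24 (the nonat entry is marked inactive and is bound to inside). The Python below parses the 305005 message and checks a configuration for such an exemption on the destination interface. It handles only "permit ip <net> <mask> <net> <mask>" entries, and the candidate fix with the ACL name nonat_dmz is constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Lines copied from the configuration and log in the post above.
POSTED = """\
name 192.168.1.100 WEB_SERVER
access-list nonat extended permit ip 172.16.2.0 255.255.255.0 192.168.1.0 255.255.255.0 inactive
nat-control
nat (inside) 0 access-list nonat
nat (dmz) 1 0.0.0.0 0.0.0.0
"""
LOG = ("3 May 17 2008 18:06:40 305005 WEB_SERVER No translation group found "
       "for tcp src outside:172.16.2.1/1261 dst dmz:WEB_SERVER/80")
# Constructed candidate fix; the ACL name nonat_dmz is hypothetical.
CANDIDATE = """\
access-list nonat_dmz extended permit ip 192.168.1.0 255.255.255.0 172.16.2.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz
"""

LOG_RE = re.compile(r"305005 .*No translation group found for \w+ "
                    r"src ([^:\s]+):([^/\s]+)/\d+ dst ([^:\s]+):([^/\s]+)/\d+")
ACE_RE = re.compile(r"access-list (\S+) extended permit ip "
                    r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)( inactive)?")
NAT0_RE = re.compile(r"nat \((\S+)\) 0 access-list (\S+)(?: outside)?")
NAME_RE = re.compile(r"name ([\d.]+) (\S+)")

def parse_config(text):
    """Collect name aliases, 'permit ip net mask net mask' ACEs and nat 0 bindings."""
    names, aces, nat0 = {}, [], []
    for line in map(str.strip, text.splitlines()):
        if m := NAME_RE.fullmatch(line):
            names[m[2]] = m[1]
        elif m := ACE_RE.fullmatch(line):
            aces.append((m[1], ip_network(f"{m[2]}/{m[3]}", strict=False),
                         ip_network(f"{m[4]}/{m[5]}", strict=False), m[6] is None))
        elif m := NAT0_RE.fullmatch(line):
            nat0.append((m[1], m[2]))
    return names, aces, nat0

def nat_exemptions_for(config, log_line):
    """Return (flow, active nat 0 ACLs on the dst interface permitting server -> client)."""
    names, aces, nat0 = parse_config(config)
    src_if, client, dst_if, server = LOG_RE.search(log_line).groups()
    client, server = (ip_address(names.get(h, h)) for h in (client, server))
    bound = {acl for ifc, acl in nat0 if ifc == dst_if}
    hits = [acl for acl, src, dst, active in aces
            if active and acl in bound and server in src and client in dst]
    return (src_if, str(client), dst_if, str(server)), hits

print(nat_exemptions_for(POSTED, LOG), nat_exemptions_for(POSTED + CANDIDATE, LOG))
```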
 