ASA 5520 VLAN Problem my admin was working for group policies to restrict access for some VPN users in ASDM. In one of the group policy profiles he hit the "manage" button under General Client Parameters and "Split Tunnel Network List". He unchecked a particular VLAN in that list.

Once that was pushed to the ASA 5520 we lost the ability to ping anything on that VLAN. The router can still see the VLAN - no issue. The servers on that vlan can ping out to the main one. We just can't ping back.

FOund some log entries. We're getting this:

No translation group found for icmp src

VLANC is and VLAN A is

VlanC can access VlanA. VlanA CANNOT access VLANC
Who is Participating?
taiell0Connect With a Mentor Author Commented:
The problem ended up being a bug in the 7.2 firmware which kept the rules from re-applying. The exact error was

Unable to download NAT policy for ACE

Cisco TAC removed the nat rules on the vlan and re-created them to get things moving again.
Ernie BeekExpertCommented:
So are you able to roll that back? After that we could have a look what exactly is is you want and how we can arrange that.

I also added the PIX/ASA topic to your question to draw some more attention.
taiell0Author Commented:
Problem resolved through Cisco TAC
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.