asa5505 regular translation creation failed for protocol 50 src inside

Unanswered Question
May 7th, 2007

I have a 5505 that won't pass IPsec traffic from a software client; this is the error that I get from the logs.


regular translation creation failed for protocol 50 src inside:192.168.1.151 dst outside:xxx.xxx.xxx.xxx


A search of the Cisco site turned up this: http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K85809210


But I still have the issue after following those instructions.



Software version is 7.2

JORGE RODRIGUEZ Mon, 05/07/2007 - 16:35

This sounds like you need to enable PPTP for app inspection on the firewall if you are initiating outbound VPN connections:


If the VPN outbound connection is going through regular one-to-one NAT on the ASA, issue the following:

fixup protocol pptp 1723


If the VPN outbound connection is going through regular PAT, you need to create an ACL to open up UDP on the inside source towards the outside, in addition to the previous statement.


Here are some links that may help, and may apply to the ASA platform. I experienced this issue with PIX515e version 6.3, but have also read it applies to version 7.x.


PPTP Background theory:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml


What ports to open to accommodate PPTP tunnels in PAT and NAT scenarios:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml



PPTP frequently asked questions:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/tk529/tsd_technology_support_sub-protocol_home.html





Jorge





sos Mon, 05/07/2007 - 17:04

No joy on that; the software client is the Cisco VPN client, which would make this an IPsec connection. Thanks for the try though.
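
Added example, not part of the thread or of any Cisco tooling: a small log triage script that parses "regular translation creation failed" messages like the one quoted in the question and labels the IP protocol number, which separates ESP (protocol 50, IPsec) from GRE (protocol 47, PPTP). The function names and all sample lines other than the posted message are assumptions made for illustration.

```python
import re
from collections import Counter

# IP protocols that carry no TCP/UDP port numbers (IANA protocol numbers).
PORTLESS = {47: "GRE (PPTP data channel)", 50: "ESP (IPsec)", 51: "AH (IPsec)"}

LINE_RE = re.compile(
    r"regular translation creation failed for protocol (?P<proto>\d+) "
    r"src (?P<src_if>[\w-]+):(?P<src>\S+) dst (?P<dst_if>[\w-]+):(?P<dst>\S+)"
)

# Constructed sample input. The first two lines repeat the message from the
# question (destination masked as posted); the rest are made up.
SAMPLE_LOG = """\
regular translation creation failed for protocol 50 src inside:192.168.1.151 dst outside:xxx.xxx.xxx.xxx
regular translation creation failed for protocol 50 src inside:192.168.1.151 dst outside:xxx.xxx.xxx.xxx
regular translation creation failed for protocol 47 src inside:192.168.1.20 dst outside:203.0.113.9
unrelated message that should be ignored
"""

def parse_failures(text):
    """Return one dict per 'translation creation failed' line; skip other lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["proto"] = int(ev["proto"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per (source host, protocol) and label portless protocols."""
    counts = Counter((ev["src"], ev["proto"]) for ev in events)
    return [
        {"src": src, "proto": proto, "count": n,
         "name": PORTLESS.get(proto, "other"),
         "portless": proto in PORTLESS}
        for (src, proto), n in sorted(counts.items())
    ]

if __name__ == "__main__":
    for row in summarize(parse_failures(SAMPLE_LOG)):
        print(f'{row["src"]:<16} proto {row["proto"]:<3} x{row["count"]}  {row["name"]}')
```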
