05-07-2007 03:52 PM - edited 03-11-2019 03:10 AM
I have a 5505 that won't pass ipsec traffic from a software client, this is the error that I get from the logs.
regular translation creation failed for protocol 50 src inside:192.168.1.151 dst outside:xxx.xxx.xxx.xxx
a search of the cisco site turned up this: http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K85809210
But I still have the issue after following those instructions.
software version is 7.2
05-07-2007 04:35 PM
This sounds like you need to enable on the firewall pptp for app inspection if you are initiating outbound vpn connections:
If the VPN outbound connection is going through regular one-to-one NAT on the ASA issue the follwing:
fixup protocol pptp 1723
if the VPN outbound connection is going through regular PAT you need to create an acl to open up UDP on the inside source towards the outside in addition to the previous statement.
here are some links that may help,and may apply to ASA plaform. I expericed this issue with PIX515e version 6.3, but have also read it applies to version 7.x .
PPTP Background theory:
WHAT ports to opened to accomodate PPTP tunnels in PAT and NAT scenarios:
http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml
PPTP Frequent asked questions:
Jorge
05-07-2007 05:04 PM
No Joy on that, the software client is the Cisco Vpn client, which would make this an IPsec connection. Thanks for the try though.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide