6500/WISM/FWSM - VPN tunnel failed on PAT, protocol 50

Oct 11th, 2007

Hi all

I have a 6500 with an FWSM, also a Sup720/WISM and a 48-port SFP.

The problem is that when I set up VPN connectivity through the FWSM from the inside going to the outside, the session is terminated. The FWSM shows a "src protocol 50 not translated" error message.

We have full permission to go out and in with protocol 50 and 51, ESP and ISAKMP.

The error appears to be the PAT setup.

We have a public network (172.16) NATted or PAT'ed to a single IP. When we set a static rule it works. I've seen ipsec-udp to bypass this, and sysopt, but neither of these is on the FWSM. If there is a lead to some documentation that would solve this, it would be most appreciated.

acomiskey Thu, 10/11/2007 - 11:54

Make sure the remote peer supports NAT-T and it is enabled.

Paul Lachance Wed, 10/24/2007 - 04:17

Thank you. Consulting our Security Team, it appears they do have NAT-T turned off on the gate we are VPN'ing to. I will try another VPN gate to confirm. The two permanent solutions I am seeing are: one, fix the VPN gate, or two, create a NAT pool, the latter being the choice I have. Would there be other options that I am unaware of?
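The behaviour discussed in this thread, sketched as an added example (not code from the posters or from Cisco): a toy many-to-one translator showing why raw ESP (IP protocol 50) cannot be port-translated, why a static one-to-one rule passes it, and why NAT-T's UDP 4500 encapsulation (RFC 3948) survives PAT. The `Pat` class, `classify` helper and all addresses are hypothetical and constructed for illustration; this models the concept, not the FWSM's actual xlate logic.

```python
import socket
import struct

ESP, UDP, TCP = 50, 17, 6

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def esp(spi, seq, body=b"\x00" * 16):
    """ESP starts with SPI and sequence number; there are no port fields."""
    return struct.pack("!II", spi, seq) + body

def classify(pkt):
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == ESP:
        return "ESP"
    if proto == UDP:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if 4500 in (sport, dport):
            # RFC 3948: four zero bytes (non-ESP marker) mean IKE, otherwise an ESP SPI
            return "NAT-T IKE" if pkt[ihl + 8:ihl + 12] == b"\x00" * 4 else "NAT-T ESP"
        if 500 in (sport, dport):
            return "IKE"
    return "other"

class Pat:
    """Toy translator: inside hosts share outside_ip unless a static entry exists."""
    def __init__(self, outside_ip, static=None):
        self.outside_ip, self.static = outside_ip, dict(static or {})
        self.xlate, self.next_port = {}, 1024

    def translate(self, pkt):
        """Return (outside IP, outside port or None), or None if untranslatable."""
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        src = socket.inet_ntoa(pkt[12:16])
        if src in self.static:            # one-to-one NAT rewrites the address only
            return (self.static[src], None)
        if proto not in (TCP, UDP):       # protocol 50 has no port to multiplex on
            return None
        sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
        key = (proto, src, sport)
        if key not in self.xlate:
            self.xlate[key], self.next_port = self.next_port, self.next_port + 1
        return (self.outside_ip, self.xlate[key])
```

A `None` from `translate` corresponds to the "protocol 50 not translated" condition; the same ESP payload wrapped in UDP 4500 gets a normal port mapping, which is why NAT-T has to be enabled on both peers.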

