Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
394
Views
0
Helpful
5
Replies

pix 7.1 (cant vpn behind it)

bws
Level 1
Level 1

‎11-26-2007 04:16 AM - edited ‎03-11-2019 04:35 AM

hi,

i have a cisco 800 box which want to do site to site vpn. it works fine but when its is behind my pix device it cant.

I get this error from adsm log of pix

"305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16"

Labels:
22027-putty.log
0 Helpful
5 Replies 5

srue
Level 7
Level 7

‎11-26-2007 05:51 AM

what OS is your PIX running?

does the 800 series box have a static nat entry on the PIX?

the 800's remote vpn peer, is it using the nat'ed entry for it's peer?

this could be either a nat-t issue, or ipsec inspection issue. the fix though, depends on your PIX OS version (if that's the problem).

0 Helpful

bws
Level 1
Level 1
In response to srue

‎11-26-2007 06:08 AM

Hi,

I have got pix 7.1 running on my firewall.pls have a look at the attached file for conf details.

0 Helpful

bsdsecuritycr
Level 1
Level 1
In response to srue

‎11-26-2007 03:12 PM

add the inspect pptp through it (for pptp vpn) ipsec, etc.

0 Helpful

bws
Level 1
Level 1
In response to bsdsecuritycr

‎11-26-2007 08:40 PM

it still does not fix the problem. I am still getting the error on adsm log :(

0 Helpful

bws
Level 1
Level 1
In response to bws

‎11-26-2007 09:01 PM

i added the command "static (difc-adsl,outside) 80.227.216.2 192.168.200.20 netmask 255.255.255.255" and the message has disappeared from the log and tells me that

please see some adsm logs below:

6|Nov 26 2007 20:34:23|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:34:22|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:34:22|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:34:22|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:34:21|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:34:21|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:34:21|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:22|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:33:22|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:33:22|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:20|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:33:20|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:33:20|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:03|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:02:38

5|Nov 26 2007 20:32:57|111008: User 'enable_15' executed the 'no static (difc-adsl,outside) 80.227.216.2 192.168.200.40 netmask 255.255.255.255' command.

6|Nov 26 2007 20:32:57|305010: Teardown static translation from difc-adsl:192.168.200.40 to outside:80.227.216.2 duration 0:09:43

6|Nov 26 2007 20:30:25|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:30:08|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:04:01

6|Nov 26 2007 20:28:08|302016: Teardown UDP connection 1393931 for outside:194.153.138.16/500 to difc-adsl:192.168.200.40/500 duration 0:02:01 bytes 4756

6|Nov 26 2007 20:26:06|302015: Built outbound UDP connection 1393931 for outside:194.153.138.16/500 (194.153.138.16/500) to difc-adsl:192.168.200.40/500 (80.227.216.2/500)

6|Nov 26 2007 20:26:06|609001: Built local-host difc-adsl:192.168.200.40

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card