Problem with VPN Client passthrough on ASA 5505

Unanswered Question
Dec 27th, 2007
User Badges:

I am having a problem with passing through a VPN client connection on an ASA 5505. The ASA is running version 8 and terminates an anyconnect VPN. The ASA is using PAT. When the inside user connects with the VPN client, it connects but no traffic passes through the tunnel. I see the error

305006 regular translation creation failed for protocol 50 src INSIDE:y.y.y.y dst OUTSIDE:x.x.x.x

UDP 500,4500 and ESP are allowed into the ASA. Ipsec inspection has also been setup on a global policy, but the user still cannot pass traffice to the remote VPN he is connected through.

At the Main Office we have an ASA 5510 that terminates a site to site VPN, allows remote connections with PAT and allows passthrough no problems. Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
AFSguru2007 Mon, 12/31/2007 - 09:19
User Badges:

I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.

3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97

regular translation creation failed for protocol 50 src inside: dst outside:xxx.xx.114.97


johnd2310 Mon, 12/31/2007 - 14:12
User Badges:
  • Silver, 250 points or more


Is the VPN server configured to use ipsec-over-tcp or NAT-T ?


AFSguru2007 Mon, 12/31/2007 - 19:10
User Badges:

I just says IPSec

Also I am using (and can not change) version client SW to do the VPN to Office

AFSguru2007 Mon, 12/31/2007 - 19:18
User Badges:

Interestingly enough, all I had to do is change it to IPSec over UDP (NAT/PAT) and it worked fine. I did not want to risk changes to the Office supplied VPN config, but what the heck, it worked. Thanks for the nudge!


This Discussion