My problem is as follows:
Users with Nortel VPN clients want to connect to a VPN server on the internet, through a Cisco ASA 5500 firewall.
They can connect, but the login stops up. ASA log is saying the following:
"regular translation failed for protocol 50 src Intern:10.162.14.100 dst Internet:217.*.*.*"
PAT is in use on the WAN/Internet interface. I have attached an edited version of the config.
Any tip on what I can do to get the transparency I need to allow these clients through the wall?
There is nothing really to do here. ESP uses IP protocol 50 and is *not* TCP, which means it cannot be PATed.
Typically what happens is that the client and the server realize that one of them is being NATed (by comparing hashes of the IP addresses each is sending and the IP they are getting), and negotiate NAT-traversal.
Typically if they don't negotiate NAT-traversal, that means one end or the other doesn't have it turned on. Have your client and server guys check that out to see what is going on, and make sure you have UDP 4500 allowed through your firewall.
You can read more on NAT traversal here:
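To make the two points in the answer concrete, here is an added example (not from the original thread, and not Cisco or Nortel code): it parses the ASA log line to flag protocol 50 as ESP, which carries no port for PAT to rewrite, and it reproduces the RFC 3947 NAT-D check the peers use to discover that a NAT sits between them. The ISAKMP cookies, the PAT address 198.51.100.7 and the port 12345 are constructed sample values.

```python
import hashlib
import ipaddress
import re
import struct

# Cisco ASA "regular translation failed" message, as quoted in the question.
ASA_RE = re.compile(
    r"regular translation failed for protocol (\d+) src \S+?:(\S+) dst \S+?:(\S+)"
)
# IP protocols with no L4 port field: PAT has nothing to multiplex on.
NO_PORTS = {50: "ESP", 51: "AH"}

def diagnose(line: str) -> dict:
    """Classify an ASA translation-failure line; explains why PAT cannot help."""
    m = ASA_RE.search(line)
    if not m:
        return {}
    proto, src, dst = int(m.group(1)), m.group(2), m.group(3)
    name = NO_PORTS.get(proto, f"proto-{proto}")
    return {
        "proto": proto,
        "name": name,
        "src": src,
        "dst": dst,
        "pat_possible": proto not in NO_PORTS,
        "advice": "enable NAT-T on both ends and permit UDP 4500 outbound"
        if proto in NO_PORTS else "check the NAT rule for this flow",
    }

# Constructed ISAKMP cookies; in reality each peer picks its own at random.
CKY_I = bytes.fromhex("0123456789abcdef")
CKY_R = bytes.fromhex("fedcba9876543210")

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port).
    SHA-1 is assumed here; the real hash is whatever the IKE SA negotiated."""
    packed_ip = ipaddress.ip_address(ip).packed
    return hashlib.sha1(cky_i + cky_r + packed_ip + struct.pack("!H", port)).digest()

def peer_behind_nat(sent_hash: bytes, observed_ip: str, observed_port: int) -> bool:
    """The receiver rehashes the source it actually sees in the IP/UDP header.
    A mismatch means a NAT rewrote address or port, so the peers must switch
    to NAT-T (ESP in UDP 4500) instead of raw protocol 50."""
    return nat_d_hash(CKY_I, CKY_R, observed_ip, observed_port) != sent_hash

if __name__ == "__main__":
    print(diagnose("regular translation failed for protocol 50 src Intern:10.162.14.100 dst Internet:217.1.2.3"))
    # Client hashes its private address; server sees the ASA's PAT address.
    h = nat_d_hash(CKY_I, CKY_R, "10.162.14.100", 500)
    print(peer_behind_nat(h, "198.51.100.7", 12345))   # True: NAT detected
```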