I have been struggling with a couple of newly installed ASA 5505s. We can use the VPN client into the appliances, but not from behind another ASA. Behind the very same ASA we can VPN to previous PIX installations. But when we go to other ASA installs, we get "regular translation creation failed for protocol 50".
We have enabled ISAKMP, NAT traversal, UDP 4500 and UDP 10000. Could it be that the fault is at the other end even if the error shows at this end?
Anyone willing to help me with this?
cheers / Peter
You are not allowing protocol 50 (ESP) through the firewall. The remote end VPNs are trying to create a VPN in "Main" mode, not "Aggressive" mode like the VPN clients.
Add the line below and test again:
access-list outside_access_in line 6 extended permit esp any any