01-06-2009 02:51 AM - edited 02-21-2020 03:11 AM
Hello,
Having some problems with the ASA box. I have a site-to-site between two offices, and it works perfectly.
But when a computer from the inside network tries to establish a VPN connection from his/her Windows machine to another network, it all goes wrong. I get the following message in the syslog:
305006 193.xxx.xx.64 regular translation creation failed for protocol 47 src inside:192.168.1.50 dst outside:193.xx.xxx.64
After a quick Google, I found this page:
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1280915
It states that I'm trying to establish a connection to a network or broadcast address. But given that the last numeric is 64, as far as I can tell this is a /26 network. And why does the ASA assume that? I haven't thrown in any subnet masks with this address. Anyway, I tried the static command at the bottom, but it still gives me the error message in syslog. This is not a VPN connection configured in the ASA. This is just VPN traffic passing through the box.
Added some 'useful' things:
Result of the command: "sh nat"
NAT policies on Interface inside:
match ip inside 192.168.1.0 255.255.255.0 inside 192.168.2.0 255.255.255.0
NAT exempt
translate_hits = 0, untranslate_hits = 0
match ip inside 192.168.1.0 255.255.255.0 outside 192.168.2.0 255.255.255.0
NAT exempt
translate_hits = 48, untranslate_hits = 70
match ip inside 192.168.1.0 255.255.255.0 _internal_loopback 192.168.2.0 255.255.255.0
NAT exempt
translate_hits = 0, untranslate_hits = 0
match tcp inside host 192.168.1.50 eq 3389 outside any
static translation to 195.xx.xxx.xx/3389
translate_hits = 0, untranslate_hits = 2
match ip inside 192.168.1.0 255.255.255.0 inside any
dynamic translation to pool 1 (192.168.1.1 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
match ip inside 192.168.1.0 255.255.255.0 outside any
dynamic translation to pool 1 (195.xx.xxx.xx [Interface PAT])
translate_hits = 15033, untranslate_hits = 1607
match ip inside 192.168.1.0 255.255.255.0 _internal_loopback any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
NAT policies on Interface outside:
match ip outside host 193.xx.xxx.64 inside any
static translation to 193.xx.xxx.64
translate_hits = 0, untranslate_hits = 40
Result of the command: "sh run nat"
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
Result of the command: "sh run static"
static (inside,outside) tcp interface 3389 192.168.1.50 3389 netmask 255.255.255.255
static (inside,outside) 193.xx.xxx.64 193.xx.xxx.64 netmask 255.255.255.255
Thanks for help,
\\mark
01-06-2009 08:08 AM
Do you have this in your config?
asa(config)#policy-map global_policy
asa(config-pmap)#class inspection_default
asa(config-pmap-c)#inspect pptp
01-07-2009 01:39 AM
Hello,
Didn't seem to have that piece of wonderful config.
Fantastic sir. This is excellent. I thank you;=)
\\mark
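An added example, not part of the thread and not Cisco code: PPTP carries its data in GRE (IP protocol 47), which has no ports for interface PAT to translate on, so the script below groups 305006 failures by protocol and flags GRE flows when `inspect pptp` is missing from `class inspection_default`. The log lines, the outside addresses and the config text are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
MSG_305006 = re.compile(
    r"regular translation creation failed for protocol (\d+) "
    r"src (\S+?):(\S+) dst (\S+?):(\S+)")
# Constructed syslog sample, modelled on the message quoted in the thread.
SAMPLE_SYSLOG = """\
305006 198.51.100.64 regular translation creation failed for protocol 47 src inside:192.168.1.50 dst outside:198.51.100.64
%ASA-3-305006: regular translation creation failed for protocol 47 src inside:192.168.1.50 dst outside:198.51.100.64
%ASA-3-305006: regular translation creation failed for protocol 50 src inside:192.168.1.77 dst outside:203.0.113.9
"""
# Constructed running-config excerpt, before and after the suggested change.
CONFIG_BEFORE = """\
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
"""
CONFIG_AFTER = CONFIG_BEFORE.replace("  inspect ftp\n", "  inspect ftp\n  inspect pptp\n")

def xlate_failures(syslog_text):
    """Count 305006 failures per (protocol number, source IP, destination IP)."""
    hits = Counter()
    for m in MSG_305006.finditer(syslog_text):
        hits[(int(m.group(1)), m.group(3), m.group(5))] += 1
    return hits

def has_pptp_inspection(running_config):
    """True if 'inspect pptp' sits under 'class inspection_default'."""
    in_class = False
    for line in running_config.splitlines():
        stripped = line.strip()
        if stripped.startswith("class "):
            in_class = stripped == "class inspection_default"
        elif line and not line[0].isspace():
            in_class = False  # a new top-level command ends the policy-map
        elif in_class and stripped == "inspect pptp":
            return True
    return False

def report(syslog_text, running_config):
    """One tuple per failing flow; the note is set when GRE lacks PPTP inspection."""
    pptp_ok = has_pptp_inspection(running_config)
    return [(IP_PROTO.get(p, str(p)), src, dst, n,
             "GRE through PAT without 'inspect pptp'" if p == 47 and not pptp_ok else "")
            for (p, src, dst), n in sorted(xlate_failures(syslog_text).items())]
```
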