VPN translation error

Unanswered Question
Feb 2nd, 2009


We have a very common problem. While searching this forum, there are lots of possible solutions. But i am not able to get the proper way to the solution.

To say, we have Cisco PIX 515e. We have external clients trying to access their servers from our premises through their vpn client.

They are able to connect their vpn client, but are not able to access any of their internal servers after getting connected.


I am getting below error

regular translation creation failed for protocol 50 src inside:(ipaddress) dst outside:(ipaddress)


I want to know, do we have to enable anything in our firewall to allow them this access or do they have to change any settings in their firewall ?

When i do a static one-to-one NAT with their IP then they can access the internal servers, but are not able to access through our default dynamic NAT. I can do this with few of them. But we have many users who want to access their external servers through VPN, for which i cannot configure one-to-one NAT for all.

Please guide, what can i do to resolve this problem in precise.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pstebner10 Mon, 02/02/2009 - 08:04

Make sure that you have nat traversal enabled on your pix:

crypto isakmp nat-traversal 3600



ciscokalpesh Tue, 02/03/2009 - 21:06


Thanks for reply.

I enabled the nat traversal as per you command input. But no help. They still cannot access their internal servers.

Any other steps required ? Please guide.


celiocarreto Wed, 02/04/2009 - 02:50


did you configured a No-NAT:

nat(inside) 0 access-list 100

access-list 100 permit ip host SERVER-IP VPN-IP VPN-MASK



ciscokalpesh Thu, 02/05/2009 - 00:15


Thanks for reply.

I tried with above commands. But does not work.

I configured one-to-one NAT with a single ip and allowed only esp protocol. Things works fine by allowing esp protocol with one-to-one NAT.

Any other solutions, please guide.


colonha27 Fri, 04/24/2009 - 12:06

Good afternoon:

I have 2 ASA and i had the same problem, i look in the internet for some time without had solution to the problem, Today I looked for the same problem and apply the nat-traversal in my remote ASA and the connection estabilished without any problem.

I look up the ASA's log and the error not appear more. The connection to the other ASA through VPN is comunicating by 4500 port.

I hope be help to you.




This Discussion