
VPN translation error

ciscokalpesh
Level 1

Hi,

We have a very common problem. While searching this forum, there are lots of possible solutions. But I am not able to get the proper way to the solution.

To say, we have a Cisco PIX 515e. We have external clients trying to access their servers from our premises through their VPN client.

They are able to connect their VPN client, but are not able to access any of their internal servers after getting connected.

##################

I am getting below error

regular translation creation failed for protocol 50 src inside:(ipaddress) dst outside:(ipaddress)

##################

I want to know, do we have to enable anything in our firewall to allow them this access, or do they have to change any settings in their firewall?

When I do a static one-to-one NAT with their IP then they can access the internal servers, but they are not able to access them through our default dynamic NAT. I can do this with a few of them. But we have many users who want to access their external servers through VPN, for which I cannot configure one-to-one NAT for all.

Please guide, what can I do to resolve this problem precisely.

Thanks in advance.

5 Replies

pstebner10
Level 1

Make sure that you have NAT traversal enabled on your PIX:

crypto isakmp nat-traversal 3600

HTH,

Paul

Hi,

Thanks for the reply.

I enabled NAT traversal as per your command input. But no help. They still cannot access their internal servers.

Any other steps required? Please guide.

Thanks

celiocarreto
Level 1

Hi,

Did you configure a No-NAT:

nat (inside) 0 access-list 100

access-list 100 permit ip host SERVER-IP VPN-IP VPN-MASK

Regards,

Celio

Hi,

Thanks for the reply.

I tried with the above commands. But it does not work.

I configured one-to-one NAT with a single IP and allowed only the ESP protocol. Things work fine by allowing the ESP protocol with one-to-one NAT.

Any other solutions, please guide.

Thanks

Good afternoon:

I have 2 ASAs and I had the same problem. I looked on the internet for some time without finding a solution to the problem. Today I looked for the same problem and applied nat-traversal on my remote ASA, and the connection established without any problem.

I looked at the ASA's log and the error does not appear anymore. The connection to the other ASA through the VPN is communicating over port 4500.

I hope this is of help to you.

Cordially.

hector
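
An added example, not part of the thread: a Python script that scans firewall log text for the error quoted in the original post and counts, per inside host and remote peer, how many protocol 50 (ESP) packets failed translation. The log lines, the hostname pix-sample and all addresses are constructed samples, and the function names are this example's own.

```python
import re
from collections import Counter

ESP = 50  # IP protocol number of IPsec ESP; ESP has no ports for PAT to rewrite

# Matches the message text quoted in the thread; any syslog prefix is ignored.
XLATE_FAIL = re.compile(
    r"regular translation creation failed for protocol (?P<proto>\d+) "
    r"src (?P<sif>\S+?):(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"dst (?P<dif>\S+?):(?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample lines (documentation address ranges), not from a real device.
SAMPLE_LOG = """\
Mar 03 10:01:12 pix-sample regular translation creation failed for protocol 50 src inside:192.0.2.10 dst outside:198.51.100.1
Mar 03 10:01:13 pix-sample regular translation creation failed for protocol 50 src inside:192.0.2.11 dst outside:198.51.100.1
Mar 03 10:01:14 pix-sample regular translation creation failed for protocol 47 src inside:192.0.2.12 dst outside:198.51.100.9
Mar 03 10:01:15 pix-sample unrelated message
Mar 03 10:01:16 pix-sample regular translation creation failed for protocol 50 src inside:192.0.2.10 dst outside:198.51.100.1
"""


def esp_translation_failures(log_text):
    """Count failed ESP translations per (inside host, remote peer) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        m = XLATE_FAIL.search(line)
        # Only protocol 50 is of interest here; other protocols are skipped.
        if m and int(m.group("proto")) == ESP:
            hits[(m.group("src"), m.group("dst"))] += 1
    return hits


def report(log_text):
    """Return one summary line per affected host/peer pair, sorted."""
    return [
        f"{src} -> {dst}: {count} ESP packets failed translation"
        for (src, dst), count in sorted(esp_translation_failures(log_text).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Hosts that still appear in this report after NAT traversal is enabled are sending raw ESP rather than UDP port 4500 traffic.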
