305006: regular translation creation failed for protocol 50 src ** SOLVED *

Unanswered Question
Sep 16th, 2009
User Badges:

I see several posts on this subject have been added already, but I thought I would add my 2c.

I've been trying to get a remote IPsec VPN(Cisco client) connecting from the inside of our office ASA to a remote ASA.

The client would connect fine, but no traffic would pass through the VPN.

This is what I would see in show logging asdm

305006: regular translation creation failed for protocol 50 src INSIDE_Gi1/2.2:192.168.x.x dst OUTSIDE_Gi0/0.60:x.x.x.x

To fix this I enabled "inspect ip-pass-through" under the global policy inspection map on the local ASA , and added "crypto isakmp nat-traversal" to the remote ASA.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Tue, 09/22/2009 - 11:36
User Badges:

This error you are getting is because the firewall is not being able to PAT an entire protocol such as GRE. On previous versions such like 6.3 releases, there was a way to configure a fixup protocol for PPTP connections that was able to make the VPN connections patted work. The only way that you can make this work, is configuring a one to one static nat between the vpn client ip address and a public ip in order to be able to make this connection work.


This Discussion