
6500/wism/fwsm - Vpn tunnel failed on Pat ,protocol 50

Hi all

I have a 6500 with an FWSM, also a Sup720/WISM and a 48-port SFP.

The problem is that when I set up VPN connectivity through the FWSM from the inside going to the outside, the session is terminated. The FWSM shows a "src protocol 50 not translated" error message.

We have full permission to go out and in with protocol 50 and 51, esd and isakmp.

The error appears to be the PAT setup.

We have a public network (172.16) NATted or PAT'ed to a single IP. When we set a static rule it works. I've seen ipsec-udp to bypass this and sysopt, but neither of these are on the FWSM. If there is a lead to some documentation that would solve this, it would be most appreciated.

2 REPLIES

Re: 6500/wism/fwsm - Vpn tunnel failed on Pat ,protocol 50

Make sure the remote peer supports nat-t and it is enabled.


Re: 6500/wism/fwsm - Vpn tunnel failed on Pat ,protocol 50

Thank you. Consulting our Security Team, it appears they do have NAT-T turned off on the gate we are VPN'ing to. I will try another VPN gate to confirm. The two permanent solutions I am seeing are: one, fix the VPN gate, or two, create a NAT pool, the latter being the choice I have. Would there be other options that I am unaware of?
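
One way to confirm from a packet capture whether the remote peer advertises NAT-T, as the replies suggest checking, is to look for the RFC 3947 vendor ID in its IKEv1 Main Mode messages. The Python below is an added example, not part of the original thread; the function names and the sample messages are constructed for illustration, and it assumes IKEv1 with the first messages unencrypted.

```python
import hashlib
import struct

# RFC 3947 section 3.1: the NAT-T vendor ID is the MD5 hash of "RFC 3947".
# Peers that only send older draft vendor IDs are not matched by this sketch.
NAT_T_VID = hashlib.md5(b"RFC 3947").digest()
PAYLOAD_SA, PAYLOAD_VENDOR_ID = 1, 13   # ISAKMP payload types (RFC 2408)
HDR_LEN = 28                            # fixed ISAKMP header size


def vendor_ids(msg: bytes) -> list:
    """Return the body of every Vendor ID payload in a cleartext IKEv1 message."""
    if len(msg) < HDR_LEN:
        raise ValueError("shorter than an ISAKMP header")
    next_type, version, _exchange, flags = struct.unpack_from("!4B", msg, 16)
    (total,) = struct.unpack_from("!I", msg, 24)
    if version >> 4 != 1 or flags & 0x01 or total > len(msg):
        raise ValueError("not a complete, unencrypted IKEv1 message")
    found, offset = [], HDR_LEN
    while next_type != 0:                       # type 0 ends the payload chain
        if offset + 4 > total:
            raise ValueError("payload chain runs past the message")
        following, _reserved, length = struct.unpack_from("!BBH", msg, offset)
        if length < 4 or offset + length > total:
            raise ValueError("bad payload length")
        if next_type == PAYLOAD_VENDOR_ID:
            found.append(msg[offset + 4:offset + length])
        next_type, offset = following, offset + length
    return found


def peer_offers_nat_t(msg: bytes) -> bool:
    """True when the message carries the RFC 3947 NAT-T vendor ID."""
    return NAT_T_VID in vendor_ids(msg)


def build_message(payloads) -> bytes:
    """Constructed sample data: a Main Mode message from (type, body) pairs."""
    types = [t for t, _ in payloads] + [0]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(data)) + data
                    for i, (_, data) in enumerate(payloads))
    header = struct.pack("!8s8s4BII", b"\x11" * 8, b"\x22" * 8, types[0],
                         0x10, 2, 0, 0, HDR_LEN + len(body))
    return header + body


# Constructed messages: the SA body is a placeholder, the second vendor ID is made up.
WITH_NAT_T = build_message([(PAYLOAD_SA, bytes(8)), (PAYLOAD_VENDOR_ID, NAT_T_VID)])
WITHOUT_NAT_T = build_message([(PAYLOAD_SA, bytes(8)), (PAYLOAD_VENDOR_ID, b"\xaa" * 16)])
```

If the peer's messages never carry this vendor ID, the tunnel stays on raw ESP (protocol 50), which has no ports for PAT to translate.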
