Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

sos
New Member

asa5505 regular translation creation failed for protocol 50 src inside

I have a 5505 that won't pass ipsec traffic from a software client, this is the error that I get from the logs.

regular translation creation failed for protocol 50 src inside:192.168.1.151 dst outside:xxx.xxx.xxx.xxx

a search of the cisco site turned up this: http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K85809210

But I still have the issue after following those instructions.

software version is 7.2

2 REPLIES

Re: asa5505 regular translation creation failed for protocol 50

This sounds like you need to enable on the firewall pptp for app inspection if you are initiating outbound vpn connections:

If the VPN outbound connection is going through regular one-to-one NAT on the ASA issue the follwing:

fixup protocol pptp 1723

if the VPN outbound connection is going through regular PAT you need to create an acl to open up UDP on the inside source towards the outside in addition to the previous statement.

here are some links that may help,and may apply to ASA plaform. I expericed this issue with PIX515e version 6.3, but have also read it applies to version 7.x .

PPTP Background theory:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

WHAT ports to opened to accomodate PPTP tunnels in PAT and NAT scenarios:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml

PPTP Frequent asked questions:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/tk529/tsd_technology_support_sub-protocol_home.html

Jorge

sos
New Member

Re: asa5505 regular translation creation failed for protocol 50

No Joy on that, the software client is the Cisco Vpn client, which would make this an IPsec connection. Thanks for the try though.

532
Views
0
Helpful
2
Replies