Cisco Support Community

New Member

pix 7.1 (can't vpn behind it)

hi,

I have a Cisco 800 box which I want to use for site-to-site VPN. It works fine, but when it is behind my PIX device it can't.

I get this error from the ASDM log of the PIX:

"305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16"

5 REPLIES
Gold

Re: pix 7.1 (can't vpn behind it)

what OS is your PIX running?

does the 800 series box have a static nat entry on the PIX?

the 800's remote vpn peer, is it using the nat'ed entry for its peer?

this could be either a nat-t issue, or ipsec inspection issue. the fix though, depends on your PIX OS version (if that's the problem).

New Member

Re: pix 7.1 (can't vpn behind it)

Hi,

I have got PIX 7.1 running on my firewall. Please have a look at the attached file for conf details.

New Member

Re: pix 7.1 (can't vpn behind it)

add the inspect pptp through it (for pptp vpn) ipsec, etc.

New Member

Re: pix 7.1 (can't vpn behind it)

It still does not fix the problem. I am still getting the error in the ASDM log :(

New Member

Re: pix 7.1 (can't vpn behind it)

I added the command "static (difc-adsl,outside) 80.227.216.2 192.168.200.20 netmask 255.255.255.255" and the message has disappeared from the log and tells me that

Please see some ASDM logs below:

6|Nov 26 2007 20:34:23|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:34:22|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:34:22|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:34:22|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:34:21|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:34:21|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:34:21|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:22|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:33:22|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:33:22|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:20|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:00:00

3|Nov 26 2007 20:33:20|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16

6|Nov 26 2007 20:33:20|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:33:03|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:02:38

5|Nov 26 2007 20:32:57|111008: User 'enable_15' executed the 'no static (difc-adsl,outside) 80.227.216.2 192.168.200.40 netmask 255.255.255.255' command.

6|Nov 26 2007 20:32:57|305010: Teardown static translation from difc-adsl:192.168.200.40 to outside:80.227.216.2 duration 0:09:43

6|Nov 26 2007 20:30:25|609001: Built local-host difc-adsl:192.168.200.40

6|Nov 26 2007 20:30:08|609002: Teardown local-host difc-adsl:192.168.200.40 duration 0:04:01

6|Nov 26 2007 20:28:08|302016: Teardown UDP connection 1393931 for outside:194.153.138.16/500 to difc-adsl:192.168.200.40/500 duration 0:02:01 bytes 4756

6|Nov 26 2007 20:26:06|302015: Built outbound UDP connection 1393931 for outside:194.153.138.16/500 (194.153.138.16/500) to difc-adsl:192.168.200.40/500 (80.227.216.2/500)

6|Nov 26 2007 20:26:06|609001: Built local-host difc-adsl:192.168.200.40
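
An added example, not part of the original thread: a small Python triage script that reads ASDM log lines in the format quoted above and reports, per inside host and peer, whether IKE (UDP/500) was built while ESP (IP protocol 50, which has no ports to translate) failed with 305006, and whether a static translation for that host was torn down. The sample lines are constructed from the thread's log format; the function name and result fields are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the ASDM log lines quoted in the thread (newest first).
SAMPLE_LOG = """\
3|Nov 26 2007 20:34:22|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16
3|Nov 26 2007 20:34:21|305006: regular translation creation failed for protocol 50 src difc-adsl:192.168.200.40 dst outside:194.153.138.16
5|Nov 26 2007 20:32:57|111008: User 'enable_15' executed the 'no static (difc-adsl,outside) 80.227.216.2 192.168.200.40 netmask 255.255.255.255' command.
6|Nov 26 2007 20:32:57|305010: Teardown static translation from difc-adsl:192.168.200.40 to outside:80.227.216.2 duration 0:09:43
6|Nov 26 2007 20:26:06|302015: Built outbound UDP connection 1393931 for outside:194.153.138.16/500 (194.153.138.16/500) to difc-adsl:192.168.200.40/500 (80.227.216.2/500)
"""

# severity|timestamp|message-id: text
LINE = re.compile(r"^(\d)\|([^|]+)\|(\d{6}): (.*)$")
XLATE_FAIL = re.compile(
    r"translation creation failed for protocol (\d+) src (\S+?):(\S+) dst (\S+?):(\S+)")
IKE_BUILT = re.compile(
    r"Built outbound UDP connection \d+ for (\S+?):([\d.]+)/500 \S+ to (\S+?):([\d.]+)/500")
STATIC_DOWN = re.compile(r"Teardown static translation from (\S+?):([\d.]+) to ")


def diagnose(log_text):
    """Return one finding per (inside host, peer) pair whose ESP packets got no translation."""
    esp_fail = defaultdict(int)  # (inside_ip, peer_ip) -> number of 305006 events for protocol 50
    ike_seen = set()             # (inside_ip, peer_ip) pairs with an IKE flow on UDP/500
    static_removed = set()       # inside hosts whose static translation was torn down
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        msg_id, text = m.group(3), m.group(4)
        if msg_id == "305006" and (f := XLATE_FAIL.search(text)) and f.group(1) == "50":
            esp_fail[(f.group(3), f.group(5))] += 1
        elif msg_id == "302015" and (k := IKE_BUILT.search(text)):
            ike_seen.add((k.group(4), k.group(2)))
        elif msg_id == "305010" and (s := STATIC_DOWN.search(text)):
            static_removed.add(s.group(2))
    return [
        {"host": src, "peer": dst, "esp_drops": count,
         "ike_ok": (src, dst) in ike_seen,            # IKE negotiated through the firewall
         "static_removed": src in static_removed}     # one-to-one mapping was deleted
        for (src, dst), count in sorted(esp_fail.items())
    ]
```

A finding with `ike_ok` true and `esp_drops` above zero matches what the thread's log shows: the UDP/500 exchange is translated, but the protocol 50 traffic that follows has no translation to use.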
