Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

regular translation creation failed for protocol 47

                   Hi Everyone,

We have external user on dmz and he is trying to connect to their company network over VPN.

HEre is log from internet firewall

i can see  the firewall is allowing  the rule.

%ASA-6-302013: Built outbound TCP connection 6931561 for outside:200.x.x.x

%ASA-3-305006: regular translation creation failed for protocol 47 src dmz 192.x.x.x

What should i do to fix this issue ?

Regards

MAhesh

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: regular translation creation failed for protocol 47

Hi,

The problem is that GRE is portless. It is just an IP protocol. Not something that we can PAT using a TCP/UDP.

You can try this command. This will add PPTP to the global inspection.

fixup protocol pptp

If this doesn't work an static nat for that host should be required.

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
3 REPLIES
Cisco Employee

Re: regular translation creation failed for protocol 47

Hi,

The problem is that GRE is portless. It is just an IP protocol. Not something that we can PAT using a TCP/UDP.

You can try this command. This will add PPTP to the global inspection.

fixup protocol pptp

If this doesn't work an static nat for that host should be required.

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

regular translation creation failed for protocol 47

Hi Luis,

Thanks for reply.

I added inspect pptp under global inspection policy and after that ASA  allowed GRE  tunnel.

Seems pptp is not inspected  by default.

Best Regards

Mahesh

Cisco Employee

regular translation creation failed for protocol 47

Yes you are right it is not .

I am glad it helps.

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
2466
Views
5
Helpful
3
Replies
CreatePlease login to create content