Cisco Support Community
New Member

VPN connectivity problem

I am trying to connect to the client server through the GVC client, but I fail to connect and get this error message:

%PIX-3-305006: regular translation creation failed for protocol 50 src inside:xxxx dst outside:xxxx

I have configured PAT for Internet access and do not have static NAT. This connection will be through the Internet.

The PIX 515 has version 7.0(2)

4 REPLIES

Re: VPN connectivity problem

Hi,

It seems like you are trying to establish an IPsec tunnel through the PIX, is that correct? Well, you will find problems, as ESP (protocol 50) and PAT conflict with each other. The option you have is to implement NAT traversal, where ESP packets are encapsulated in UDP and then the translation is performed with no conflicts. For Cisco VPN clients you can allow UDP 500 and 4500 on your PIX. I am not sure about the ports used by the SonicWall client, but you might also need to manually configure the client for NAT traversal. Also make sure the VPN terminating the tunnel is also configured for NAT traversal.

I hope it helps ... please rate it if it does !!!
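The conflict described in the reply above, as an added example that is not part of the original thread: native ESP (IP protocol 50) carries an SPI and a sequence number but no port fields, so PAT has nothing to rewrite, while NAT traversal (RFC 3948) puts the same ESP payload behind a UDP 4500 header. The addresses, SPI and payload bytes are constructed sample values.

```python
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def ipv4(proto, payload, src="10.0.0.5", dst="203.0.113.10"):
    """Minimal IPv4 packet with constructed addresses; checksum left at 0."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def esp(spi, seq, ciphertext=b"\xaa" * 16):
    # ESP begins with SPI and sequence number; it has no port fields.
    return struct.pack("!II", spi, seq) + ciphertext

def classify(pkt):
    """Return (kind, ports); ports is None when PAT has nothing to rewrite."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:
        return "native ESP", None
    if proto != UDP or len(body) < 8:
        return "other", None
    sport, dport = struct.unpack("!HH", body[:4])
    data = body[8:]
    if 4500 in (sport, dport):
        if data == b"\xff":
            kind = "NAT-T keepalive"
        elif data[:4] == b"\x00" * 4:
            kind = "IKE with non-ESP marker"
        else:
            kind = "UDP-encapsulated ESP"
    elif 500 in (sport, dport):
        kind = "IKE"
    else:
        kind = "other UDP"
    return kind, (sport, dport)

# Constructed sample packets, not captures from the thread.
SAMPLES = {
    "esp": ipv4(ESP, esp(0x1234ABCD, 1)),
    "ike": ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    "natt_ike": ipv4(UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt_esp": ipv4(UDP, udp(4500, 4500, esp(0x1234ABCD, 1))),
    "keepalive": ipv4(UDP, udp(4500, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```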

New Member

Re: VPN connectivity problem

I do not have an IPsec tunnel configured for this connection.

I am trying to connect through the Internet.

As per the SonicWall client documentation, it requires UDP 500 & 4500 to be opened with IP protocol 50.

Do you have any configuration example?

Hall of Fame Super Silver

Re: VPN connectivity problem

Chandru

If you do not have an IPSec tunnel configured then you need to configure one. The protocols and ports referenced in the documentation (UDP 500 & 4500 to be opened with IP protocol 50) are IPSec. The UDP ports are for ISAKMP and IP protocol 50 is ESP.

HTH

Rick

New Member

Re: VPN connectivity problem

If I do a static NAT and configure an access-list to allow UDP 500 & 4500 with IP protocol 50, i.e. ESP, it worked fine.

I wanted to know the configuration for how to do this with PAT instead of static NAT.
