VPN connectivity problem

ckuriyar74 · ‎01-02-2007

Iam trying to connect to client server tho' GVC client. But I fail to connect and getting error message

%PIX-3-305006: regular translation creation failed for protocol 50 src inside:xxxx dst outside:xxxx

I have conigured PAT for Internet access and do not have static Nat. This connection will be thro' internet.

The PIX 515 has version 7.0(2)

Fernando_Meza · ‎01-02-2007

Hi ..

It seems like you are trying to establish an Ipsec tunnel trought the PIX .. is that correct ..? Well you will find problems as ESP ( protocol 50 ) and PAT conflict with each other. The option you have is to implement NAT traversal where ESP packets are encapsulated on UDP.. and then the translation is performed with no conflicts .. for Cisco vpn clients you can allow UDP 500 and 4500 on your PIX .. I am not sure about the ports used by Sonywall client but you might also need to manually configure the client for NAT traversal. Also make sure the VPN terminating the tunnel is also configured for NAT traversal.

I hope it helps ... please rate it if it does !!!

ckuriyar74 · ‎01-02-2007

I do not have Ipsec tunnel configured for this connection.

Iam trying to connect thro' internet.

As per sonicwall client documentation its required UDP 500 & 4500 to be opened with IP protocol 50

Do you have any configuration example?

Richard Burts · ‎01-02-2007

Chandru

If you do not have an IPSec tunnel configured then you need to configure one. The protocols and ports referenced in the documentation (UDP 500 & 4500 to be opened with IP protocol 50) are IPSec. The UDP ports are for ISAKMP and IP protocol 50 is ESP.

HTH

Rick

HTH

Rick

ckuriyar74 · ‎01-04-2007

If I do a static NAT and configure access-list to allow UDP 500 & 4500 with IP protocol 50 ie ESP it worked fine.

I wanted to know the configuration how to do with PAT instead of static NAT