Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

MS Client VPN through ASA5540


I am trying to allow a contractor on the inside of my network to create a VPN using the basic Microsoft client passing through our ASA5540's.

The client has a fixed internal address being PAT'ed to the external address on the outside.

There is a rule on the ASA allowing the client out to any protocol IP, and NAT-T has been enabled.

I can see the traffic going through the firewall but am not getting any response back.

I am getting the following error in the logs

3|Aug 11 2006 07:59:39|305006: regular translation creation failed for protocol 47 src Core-ASA: dst ASA-LZSI:

Can anyone help?




Re: MS Client VPN through ASA5540

Hi .. I think your need to inspect PPTP please follow these steps

Complete these steps to add commands for version 7.x:


Add PPTP inspection to the default policy-map using the default class-map.

pixfirewall(config)#policy-map global_policy

pixfirewall(config-pmap)#class inspection_default

pixfirewall(config-pmap-c)#inspect pptp

I hope it helps .. please rate it if it does !!!

New Member

Re: MS Client VPN through ASA5540

Thanks fernando, I will try this during a maintenance window, can you explain what this config change will do.

Many Thanks

Re: MS Client VPN through ASA5540

Well in simple words a pptp connection is initiated using TCP 1723 and then the server responds opening port 47. By using the Inspect you are instructing the firewall to deal with these connections automatically. one thing you need to be aware is that if you are using PAT when the pptp client connects this will allow only one PPTP tunnel at the same time. For more information about how PPTP works please refer to the below link.

I hope it helps .... please rate if it it does !!!

CreatePlease to create content