regular translation created failed for icmp src inside

WILLIAM STEGMAN · ‎04-21-2006

I have a user who connects to a remote Cisco VPN concentrator to do customer work, and his connection is periodically terminated. The log reveals the DPD timer can no longer contact the remote host. Our Internet connection stays up, but the PIX has reported the error, regular translation created failed for icmp src inside, the inside source being the vpn user and the destination being the vpn concentrator. I can't say that error message appeared everytime because I've been unable to review the logs each time he's been disconnected. Could his getting disconnected be related to the syslog message? If ping replies are not coming back, I could see the DPD kicking in and terminating the connection, but I don't know how to resolve the error. I've tried the ICMP fixup, and the access list allows ICMP replies in through the PIX.

thx,

Bill

a.kiprawih · ‎04-23-2006

Hi,

There was something similar to your problem mentioned at:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html#wp1020660

Hope this can help.

Rgds,

AK

WILLIAM STEGMAN · ‎04-25-2006

I'm not sure what is happening. This note proposes the VPN concentrator is sending the VPN client a broadcast or traffic destined to a network address. I don't know what circumstances that might happen under though.