Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

vpn

This connection was working before and just now I get this error. Does anyone have any ideas. This is a user trying to access and external vpn server.

Thanks

regular translation creation failed for protocol 47 src inside:192.168.100.171 dst outside:102.106.100.200

  • Other Security Subjects
2 REPLIES
Cisco Employee

Re: vpn

Protocol 47 is GRE which is used in PPTP VPN connections. If this inside user has a static one-to-one translation then this will work, but if this user is being PAT'd as they go out you need to be running 6.3 code on the PIX for this to work (and enable the PPTP fixup).

"Regular translation creation failed" means an outbound packet was denied because the nat translation through the PIX didn't work. The PIX needs to NAT every outbound packet in some way, and if it can't you'll get this error. You need to look at either the static or the nat/global pair for this IP address pair and see what's going on.

Also, the PIX won't open a hole for GRE packets to come back in, so you need to have an ACL on the outside that allows GRE back in.

New Member

Re: vpn

Could you please point me to some configs that have PPTP VPN connections enabled to the outside interface using 6.3 code?

Thanks!

Kevin

98
Views
0
Helpful
2
Replies