Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Windows 2000 PPTP-PIX 501 "no xlate" error

Hi all, I am new to PIX and VPN...

Everything seems to be working when connecting to the PIX 501 using a Windows 2000 remote access laptop however, the syslog gets full of errors like this one:

Local4.Error %PIX-3-106011: Deny inbound (No xlate) tcp src outside: dst outside:

The laptop dials through a phone line and an ISP and uses the PPTP VPN using MS-CHAP and MPPE to the PIX.

The errors only occur when the laptop has this specific active VPN connection.

Here are the relevant entries in my config:

access-list 101 permit ip host

ip local pool vpnpool

nat (inside) 0 access-list 101

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40 required

vpdn group 1 client configuration address local vpnpool

vpdn group 1 client configuration dns

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username xxxx password xxxx

vpdn enable outside

What am I doing wrong?

Thanks very much!

New Member

Re: Windows 2000 PPTP-PIX 501 "no xlate" error


The "VPN TUNNEL" light does not turn on... why?

New Member

Re: Windows 2000 PPTP-PIX 501 "no xlate" error

Does my VPN pool of private addresses have to contain addresses in the same network ID as my internal LAN, or do I have to use a completely different range? Maybe I am not understanding how the routing takes place between the outside and indide interface during a VPN connection. Can someone explain?

I can not seem to find the answer anywhere.


CreatePlease login to create content