Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Windows 2000 PPTP-PIX 501 "no xlate" error

Hi all, I am new to PIX and VPN...

Everything seems to be working when connecting to the PIX 501 using a Windows 2000 remote access laptop however, the syslog gets full of errors like this one:

Local4.Error 192.168.0.1 %PIX-3-106011: Deny inbound (No xlate) tcp src outside:10.0.0.1/1174 dst outside:64.4.13.170/80

The laptop dials through a phone line and an ISP and uses the PPTP VPN using MS-CHAP and MPPE to the PIX.

The errors only occur when the laptop has this specific active VPN connection.

Here are the relevant entries in my config:

access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.0.0.1

ip local pool vpnpool 10.0.0.1-10.0.0.5

nat (inside) 0 access-list 101

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40 required

vpdn group 1 client configuration address local vpnpool

vpdn group 1 client configuration dns 192.168.0.40

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username xxxx password xxxx

vpdn enable outside

What am I doing wrong?

Thanks very much!

2 REPLIES
New Member

Re: Windows 2000 PPTP-PIX 501 "no xlate" error

Also,

The "VPN TUNNEL" light does not turn on... why?

New Member

Re: Windows 2000 PPTP-PIX 501 "no xlate" error

Does my VPN pool of private addresses have to contain addresses in the same network ID as my internal LAN, or do I have to use a completely different range? Maybe I am not understanding how the routing takes place between the outside and indide interface during a VPN connection. Can someone explain?

I can not seem to find the answer anywhere.

Thanks!

115
Views
0
Helpful
2
Replies
CreatePlease login to create content