Cisco Support Community
New Member

Incomplete ESP Translations: hanging off nat entry

At corporate HQ, I have an ASA5510 behind a router doing PAT with Lan-2-Lan IPSEC VPNs terminating at 3 other sites (2 with PIX 501s not behind routers and one with ASA5510 behind a router also doing PAT). When I do "sh ip nat tra" on the HQ router, at the bottom of the list I see "Incomplete ESP translations:" followed by one or two lines like this:

0 esp_conn=0x8409C428, hanging off nat entry 0x84062D30

1 esp_conn=0x8409C408, hanging off nat entry 0x8405F430

Can anyone tell me what this means, what causes it, and whether it is a problem?

Thank you,

Joshua

5 REPLIES
New Member

Re: Incomplete ESP Translations: hanging off nat entry

New Member

Re: Incomplete ESP Translations: hanging off nat entry

I'm not sure I quite follow you, although I did use the doc you linked as a reference for my config. Everything appears to work properly, it's just that I get the Incomplete ESP translations message all the time and don't understand what it means or why it is happening.

Thanks,

Joshua

New Member

Re: Incomplete ESP Translations: hanging off nat entry

I've come across a similar case when there was an issue with my interface ACLs. That is why I suggested that you check the ACLs.

I ended up having an

New Member

Re: Incomplete ESP Translations: hanging off nat entry

Hi,

Are you sure that your respective tunnel was up and traffic was flowing through (both ways)?

Any updates on this?

New Member

Re: Incomplete ESP Translations: hanging off nat entry

The tunnel is up, in production, with traffic flowing both directions. Even so, frequently (but not every time) when I do a show ip nat translations at either end of the tunnel, I see the incomplete ESP translations message. When it says "hanging off nat entry ..." where can I go to look at the entry it is referring to?

Joshua
