Cisco Support Community
New Member

VPN translation error

Hi,

We have a very common problem. While searching this forum, there are lots of possible solutions, but I am not able to find the proper way to the solution.

We have a Cisco PIX 515e. We have external clients trying to access their servers from our premises through their VPN client.

They are able to connect their VPN client, but are not able to access any of their internal servers after getting connected.

##################

I am getting the below error:

regular translation creation failed for protocol 50 src inside:(ipaddress) dst outside:(ipaddress)

##################

I want to know, do we have to enable anything in our firewall to allow them this access, or do they have to change any settings in their firewall?

When I do a static one-to-one NAT with their IP then they can access the internal servers, but they are not able to access them through our default dynamic NAT. I can do this with a few of them. But we have many users who want to access their external servers through VPN, for which I cannot configure one-to-one NAT for all.

Please guide me on what I can do to resolve this problem precisely.

Thanks in advance.

5 REPLIES
New Member

Re: VPN translation error

Make sure that you have NAT traversal enabled on your PIX:

crypto isakmp nat-traversal 3600

HTH,

Paul

New Member

Re: VPN translation error

Hi,

Thanks for the reply.

I enabled NAT traversal as per your command input, but it did not help. They still cannot access their internal servers.

Are any other steps required? Please guide.

Thanks

New Member

Re: VPN translation error

Hi,

Did you configure a No-NAT:

nat (inside) 0 access-list 100

access-list 100 permit ip host SERVER-IP VPN-IP VPN-MASK

Regards,

Celio

New Member

Re: VPN translation error

Hi,

Thanks for the reply.

I tried the above commands, but it does not work.

I configured one-to-one NAT with a single IP and allowed only the ESP protocol. Things work fine when allowing the ESP protocol with one-to-one NAT.

Are there any other solutions? Please guide.

Thanks

New Member

Re: VPN translation error

Good afternoon:

I have 2 ASAs and I had the same problem. I looked on the internet for some time without finding a solution to the problem. Today I looked for the same problem and applied nat-traversal on my remote ASA, and the connection was established without any problem.

I looked at the ASA's log and the error no longer appears. The connection to the other ASA through the VPN is communicating over port 4500.

I hope this helps you.

Cordially.

hector
