Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > %ASA-3-305006: regular translation creation failed for protocol 50

Reply
Thread Tools

%ASA-3-305006: regular translation creation failed for protocol 50

 
 
dt1649651@yahoo.com
Guest
Posts: n/a
 
      04-29-2008
A little bit more. I am trying to tackle this problem on that NAT
side. I put the ASA5505 behind a Cisco router and let the this router
does the NAT translation and take the nat function out of the ASA. My
PC is behind the ASA ( and the Cisco router ). In this situation, the
Cisco VPN Client on my PC works just fine. The connection is ok and I
can access the remote network just fine.

So what is the difference in NAT translation bewteen an IOS and a
ASA ?

Dt
 
Reply With Quote
 
 
 
 
dt1649651@yahoo.com
Guest
Posts: n/a
 
      04-30-2008
On Apr 28, 10:57 pm, "(E-Mail Removed)" <(E-Mail Removed)>
wrote:
> Thanks, Martin.
> When I add the command "isakmp nat traversal " to my ASA, it does fix
> the problem.
> When I add that command to the remote ASA ( VPN gateway ) I cannot
> make the VPN connection.
> Also tried the inspect ipsec-pass-thru.
>
> I notice that this happens when I make the vpn connection to a remote
> ASA. If the remote VPN gateway is an IOS router then the local ASA
> does not complain anything.


I just re-read my post andam very sorry for my missing important word
( I worked a lot of hours yesterday ).
> When I add the command "isakmp nat traversal " to my ASA, it does ***NOT*** fix
> the problem.


In other words, all the nat traversal does not fix the problem, no
matter where it is on the remote or local ASA.

I am very sorry for my typp.

Dt
 
Reply With Quote
 
 
 
 
Martin Bilgrav
Guest
Posts: n/a
 
      05-01-2008

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Apr 28, 10:57 pm, "(E-Mail Removed)" <(E-Mail Removed)>
> wrote:


> In other words, all the nat traversal does not fix the problem, no
> matter where it is on the remote or local ASA.


Did you verify that you actually HAVE the setting enabled in your VPN client
software ?


 
Reply With Quote
 
dt1649651@yahoo.com
Guest
Posts: n/a
 
      05-02-2008
On May 1, 12:14 pm, "Martin Bilgrav" <(E-Mail Removed)>
wrote:
> <(E-Mail Removed)> wrote in message
>
> news:(E-Mail Removed)...
>
> > On Apr 28, 10:57 pm, "(E-Mail Removed)" <(E-Mail Removed)>
> > wrote:
> > In other words, all the nat traversal does not fix the problem, no
> > matter where it is on the remote or local ASA.

>
> Did you verify that you actually HAVE the setting enabled in your VPN client
> software ?


Yes. I did. I went to the tab Transport of Cisco VPN Client 4.8, had
the option Enable Transparent Tunneling on, and select IPSec over
UDP(NAT/PAT). In fact, this option is on by default. I also tried
turned it off. Both cases does not fix the problem.

As I posted in my previous, this problem will not happen if the remote
is an IOS router. I tried six different IOS routers configured ( by
different peope, not only me ) as VPN gateway sand all worked. When I
have an ASA as the remote VPN gateway, this problem appears.

I am going to grab another ASA to make it the vpn gateway and will
test it again.

Thanks,

Dt
 
Reply With Quote
 
Martin Bilgrav
Guest
Posts: n/a
 
      05-02-2008

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On May 1, 12:14 pm, "Martin Bilgrav" <(E-Mail Removed)>
> wrote:
>> <(E-Mail Removed)> wrote in message
>>
>> news:(E-Mail Removed)...
>>
>> > On Apr 28, 10:57 pm, "(E-Mail Removed)" <(E-Mail Removed)>
>> > wrote:
>> > In other words, all the nat traversal does not fix the problem, no
>> > matter where it is on the remote or local ASA.

>>
>> Did you verify that you actually HAVE the setting enabled in your VPN
>> client
>> software ?

>
> Yes. I did. I went to the tab Transport of Cisco VPN Client 4.8, had
> the option Enable Transparent Tunneling on, and select IPSec over
> UDP(NAT/PAT). In fact, this option is on by default. I also tried
> turned it off. Both cases does not fix the problem.
>


ok - super !

> As I posted in my previous, this problem will not happen if the remote
> is an IOS router. I tried six different IOS routers configured ( by
> different peope, not only me ) as VPN gateway sand all worked. When I
> have an ASA as the remote VPN gateway, this problem appears.


Ok - it's just that your first post, contained a config from a ASA, but i
did not see any VPN config in it ?!
Could you try to post the complete config of your ASA VPN headend/gateway.

>
> I am going to grab another ASA to make it the vpn gateway and will
> test it again.
>
> Thanks,
>
> Dt



 
Reply With Quote
 
dt1649651@yahoo.com
Guest
Posts: n/a
 
      05-03-2008
On May 2, 12:30 pm, "Martin Bilgrav" <(E-Mail Removed)>
wrote:
>
> Ok - it's just that your first post, contained a config from a ASA, but i
> did not see any VPN config in it ?!
> Could you try to post the complete config of your ASA VPN headend/gateway.


That config is for the remote ASA which plays the role of a NAT
translator only. The VPN client is on the PC.
I just got an ASA for replaying the VPN gateway. I am going to copy
the VPN parts from the real ASA gateway to this test ASA, try it again
and will post it.

Thanks,

Dt
 
Reply With Quote
 
javijavi javijavi is offline
Junior Member
Join Date: May 2009
Posts: 1
 
      05-05-2009
Hello all,
I have the same problem as this user, the following logs appear in the asa when an inside host tries to establish an VPN connection with an outside host:
%ASA-3-305006: regular translation creation failed for protocol 50 src INSIDE:192.168.X.X dst OUTSIDE:<vpn GW>
%ASA-6-110003: routing failed to locate next hop for ESP from OUTSIDE:<vpn gw> to INSIDE:<outside interface address>

I've tried all the things you've said in this post (nat-t, inspect ipsec-pass-through, inspect pptp) and it does not work.
I replace the ASA with a Zyxel router which only does PAT and the VPN connection from the inside host to the VPN gw works fine.

Any more ideas??

Thanks in advance,
Javi
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
regular/portmap translation creation failed Sam Wilson Cisco 0 10-18-2012 05:08 PM
PIX PPTP VPN Passthrough: regular translation creation failed for protocol 47 armyadam@gmail.com Cisco 2 04-17-2012 08:03 PM
regular translation creation failed for protocol 50 src inside:172.16.0.105 M Cisco 3 03-05-2009 04:50 PM
Translation Creation Failed Bruce Cisco 5 11-18-2004 06:32 PM
X.25 to TCP protocol translation Sascha E. Pollok Cisco 4 12-02-2003 04:23 PM



Advertisments