ESP problem with MS RRAS to Cisco 3000 VPN passing through PIX 515E Firewall.

Discussion in 'Cisco' started by Sean McGrath, Dec 29, 2003.

  1. Sean McGrath


    I'm having a problem creating a MS RRAS server to a Cisco 3000 VPN
    concentrator passing through a PIX 515E Firewall (6.1). The
    configuration is as follows. The MS RRAS server has a configured IPSEC
    policy creating a tunnel with the external interface of the PIX
    firewall. The PIX firewall passes that traffic to one of its internal
    interfaces connected to the VPN concentrator. There is a separate
    internal interface connecting to the internal LAN for internet
    connectivity. UDP 500 is static translated to the VPN concentrator.
    UDP 10000 is also static translated to the VPN concentrator. I am able
    to establish the tunnel but if I try to pass traffic through it I get
    "Regular Translation Creation failed for IP protocol 50" on the PIX.
    Obviously this results from the fact that I can't static IP protocol
    50. If I try to connect with the Cisco client from the outside it
    works because it is encapsulating ESP in UDP 10000. Is there a way to
    make the RRAS server do this? If I can't get RRAS to work this way
    it's not a big deal because I can use L2TP but I will have other VPN
    concentrators connecting through the PIX from the outside. Will they
    have the same problem or will they encapsulate ESP in UDP 10000?
    Any suggestions or thoughts would be greatly appreciated.

    Sean McGrath, Dec 29, 2003
