Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

regular translation creation failed for protocol 50

Status
Not open for further replies.

strtrk88

IS-IT--Management
Mar 15, 2010
5
US
I'm stomped with this issue...I have read up all possibilities referencing to this error: regular translation creation failed for protocol 50. I have search online where enabling crypto isakmp nat-traversal 20 on my local Cisco PIX 535 and far end ASA and still doesn't resolve the problem.

Below is my config on the local PIX:
PIX Version 7.2(4)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password XXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXX encrypted
names
!
interface GigabitEthernet0
description XXXXXXXXXXXXXXX
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet1
description XXXXXXXXXXXXXXX
nameif outside_2
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface Ethernet0
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet1
shutdown
no nameif
no security-level
no ip address
!
boot system flash:/pix724.bin
no ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group service tcp_47 tcp
port-object eq 47
object-group service tcp_51 tcp
port-object eq 51
object-group service tcp_709 tcp
port-object eq 709
object-group service tcp500 tcp
port-object eq 500
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq 51 log
access-list outside_access_in extended permit udp any any eq isakmp log
access-list outside_access_in extended permit gre any any log
access-list outside_access_in extended permit esp any any log
access-list outside_access_in extended permit ah any any log
access-list outside_access_in extended permit tcp any any eq 709 log
access-list outside_access_in extended permit tcp any any eq ldap log
access-list outside_access_in extended permit tcp any any eq pptp log
access-list outside_access_in extended permit tcp any any eq 47 log
access-list outside_access_in extended permit tcp any any eq 500 log
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap notifications
logging asdm informational
mtu outside 1500
mtu outside_2 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-525.bin
asdm history enable
arp timeout 14400
global (outside) 2 X.X.X.X-X.X.X.X netmask 255.255.255.128
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 NEXT HOP INTERFACE 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp enable outside
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh 192.168.20.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.20.100-192.168.20.199 inside
dhcpd dns x.x.x.x x.x.x.x interface inside
dhcpd enable inside
!

class-map class_sip_tcp
match port tcp eq sip
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect pptp
inspect rsh
inspect rtsp
inspect esmtp
inspect tftp
inspect ipsec-pass-thru
class class_sip_tcp
inspect sip
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:490d1d88ccf94e5c4fcb856a7c6f9f34
: end


I have verified my client VPN application utilizies "Enable Transparent Tunneling" feature and still no luck.
I even added this code to see if it works:

crypto isakmp ipsec-over-tcp port 10000 <----default tcp port

and still no luck.

Any and all suggestions are appreciated.


Thanks,
Stomped dude!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top