strtrk88 (IS/IT--Management)
27 Dec 10 19:09
I'm stumped with this issue. I have read up on all possibilities referencing this error: regular translation creation failed for protocol 50. I have searched online, and enabling crypto isakmp nat-traversal 20 on my local Cisco PIX 535 and the far-end ASA still doesn't resolve the problem.
Below is my config on the local PIX:

PIX Version 7.2(4)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password XXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXX encrypted
names
!
interface GigabitEthernet0
 description XXXXXXXXXXXXXXX
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet1
 description XXXXXXXXXXXXXXX
 nameif outside_2
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface Ethernet0
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet1
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system flash:/pix724.bin
no ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group service tcp_47 tcp
 port-object eq 47
object-group service tcp_51 tcp
 port-object eq 51
object-group service tcp_709 tcp
 port-object eq 709
object-group service tcp500 tcp
 port-object eq 500
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq 51 log
access-list outside_access_in extended permit udp any any eq isakmp log
access-list outside_access_in extended permit gre any any log
access-list outside_access_in extended permit esp any any log
access-list outside_access_in extended permit ah any any log
access-list outside_access_in extended permit tcp any any eq 709 log
access-list outside_access_in extended permit tcp any any eq ldap log
access-list outside_access_in extended permit tcp any any eq pptp log
access-list outside_access_in extended permit tcp any any eq 47 log
access-list outside_access_in extended permit tcp any any eq 500 log
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap notifications
logging asdm informational
mtu outside 1500
mtu outside_2 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-525.bin
asdm history enable
arp timeout 14400
global (outside) 2 X.X.X.X-X.X.X.X netmask 255.255.255.128
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 NEXT HOP INTERFACE 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp enable outside
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh 192.168.20.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.20.100-192.168.20.199 inside
dhcpd dns x.x.x.x x.x.x.x interface inside
dhcpd enable inside
!
class-map class_sip_tcp
 match port tcp eq sip
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect tftp
  inspect ipsec-pass-thru
 class class_sip_tcp
  inspect sip
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:490d1d88ccf94e5c4fcb856a7c6f9f34
: end
I have verified my client VPN application utilizes the "Enable Transparent Tunneling" feature and still no luck. I even added this code to see if it works:
crypto isakmp ipsec-over-tcp port 10000   <---- default TCP port
and still no luck.
Any and all suggestions are appreciated.
Thanks, Stumped dude!
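An added triage helper, not part of the original post or of any Cisco tooling: it parses the PIX/ASA syslog message family that carries the "translation creation failed for protocol" text (message id 305006 on PIX/ASA), groups failures by IP protocol and inside host, and flags the protocols that a dynamic PAT such as "global (outside) 1 interface" can never translate because they have no L4 port field (ESP is protocol 50, AH is 51, GRE is 47). The log lines are constructed for the example; the remediation strings reflect the usual defender checks (NAT-T over UDP/4500, IPsec-over-TCP, or a one-to-one translation for the host) rather than anything the thread has confirmed works here.

```python
"""Triage PIX/ASA 'translation creation failed' syslog lines for port-less IP protocols.

Added example for this thread; message-id 305006 is the PIX/ASA syslog id that
carries this text. Sample log lines below are constructed, not captured.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# IP protocols with no L4 port: an interface PAT has nothing to multiplex on,
# so an xlate cannot be built and 305006 is logged for every packet.
PORTLESS_PROTOCOLS = {50: "ESP", 51: "AH", 47: "GRE"}

# Defender-side checks for each port-less protocol seen failing translation.
REMEDIATION = {
    "ESP": [
        "Confirm NAT-T was actually negotiated by BOTH peers (IKE NAT-D payloads) "
        "and that UDP/4500 is permitted end to end; ESP then rides inside UDP.",
        "Or use IPsec-over-TCP (default port 10000) on client and headend.",
        "Or give the inside host a one-to-one (static) translation instead of PAT.",
    ],
    "AH": ["AH protects the IP header and cannot survive any NAT; use ESP with NAT-T."],
    "GRE": ["Use a static one-to-one translation, or rely on PPTP inspection to pin GRE to its TCP/1723 control session."],
}

# %PIX-3-305006 / %ASA-3-305006: {outbound static|identity|portmap|regular} translation
# creation failed for protocol N src IF:ADDR[/PORT] dst IF:ADDR[/PORT]
XLATE_FAIL_RE = re.compile(
    r"%(?:PIX|ASA|FWSM)-\d-305006: (?P<kind>[\w ]+?) translation creation failed "
    r"for protocol (?P<proto>\d+) src (?P<src_if>[\w-]+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)(?:/\d+)?"
)


@dataclass(frozen=True)
class XlateFailure:
    kind: str      # regular, portmap, identity, outbound static
    proto: int     # IP protocol number
    src_if: str
    src: str       # inside host that could not be translated
    dst_if: str
    dst: str       # remote peer

    @property
    def proto_name(self) -> str:
        return PORTLESS_PROTOCOLS.get(self.proto, f"proto-{self.proto}")

    @property
    def portless(self) -> bool:
        return self.proto in PORTLESS_PROTOCOLS


def parse_line(line: str) -> Optional[XlateFailure]:
    """Return a structured failure for a 305006 line, None for any other message."""
    m = XLATE_FAIL_RE.search(line)
    if not m:
        return None
    return XlateFailure(
        kind=m.group("kind"),
        proto=int(m.group("proto")),
        src_if=m.group("src_if"),
        src=m.group("src"),
        dst_if=m.group("dst_if"),
        dst=m.group("dst"),
    )


def triage(lines: List[str]) -> Dict[str, object]:
    """Count translation failures per port-less protocol and inside host,
    and attach the corresponding remediation checklist."""
    failures = [f for f in map(parse_line, lines) if f is not None]
    by_host: Dict[str, Counter] = defaultdict(Counter)
    for f in failures:
        if f.portless:
            by_host[f.proto_name][f.src] += 1
    return {
        "total": len(failures),
        "portless": {name: dict(c) for name, c in by_host.items()},
        "recommendations": {name: REMEDIATION[name] for name in by_host},
    }


# Constructed sample syslog, modelled on the hostname and subnet from the post.
SAMPLE_LOG = [
    "Dec 27 2010 19:02:11 pixfirewall %PIX-3-305006: regular translation creation failed for protocol 50 src inside:192.168.20.105 dst outside:203.0.113.10",
    "Dec 27 2010 19:02:12 pixfirewall %PIX-3-305006: regular translation creation failed for protocol 50 src inside:192.168.20.105 dst outside:203.0.113.10",
    "Dec 27 2010 19:02:20 pixfirewall %PIX-3-305006: regular translation creation failed for protocol 47 src inside:192.168.20.150 dst outside:198.51.100.7",
    "Dec 27 2010 19:02:25 pixfirewall %PIX-6-302015: Built outbound UDP connection 1234 for outside:203.0.113.10/500 (203.0.113.10/500) to inside:192.168.20.105/500 (192.0.2.1/1025)",
    "Dec 27 2010 19:02:30 pixfirewall %PIX-3-305006: portmap translation creation failed for protocol 6 src inside:192.168.20.33/51000 dst outside:198.51.100.9/443",
]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"305006 events: {report['total']}")
    for name, hosts in report["portless"].items():
        print(f"{name}: {hosts}")
        for step in report["recommendations"][name]:
            print(f"  - {step}")
```

Reading the output against the posted config: the only NAT rule is "nat (inside) 1 0.0.0.0 0.0.0.0" mapped to "global (outside) 1 interface", so every inside host is port-translated, and a client whose ESP is still leaving the host as raw protocol 50 (rather than UDP/4500 or TCP/10000) will trip 305006 on every packet. Seeing ISAKMP (UDP/500) connections build while ESP fails is the signature to look for: phase 1 completes, but the peers never agreed to encapsulate, or the encapsulated port is blocked somewhere between them.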