Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

regular translation creation failed for protocol 50

strtrk88 (IS/IT--Management) (OP)
27 Dec 10 19:09
I'm stomped with this issue...I have read up all possibilities referencing to this error: regular translation creation failed for protocol 50. I have search online where enabling crypto isakmp nat-traversal 20 on my local Cisco PIX 535 and far end ASA and still doesn't resolve the problem.

Below is my config on the local PIX:
PIX Version 7.2(4)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password XXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXX encrypted
names
!
interface GigabitEthernet0
 description XXXXXXXXXXXXXXX
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet1
 description XXXXXXXXXXXXXXX
 nameif outside_2
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface Ethernet0
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet1
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system flash:/pix724.bin
no ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group service tcp_47 tcp
 port-object eq 47
object-group service tcp_51 tcp
 port-object eq 51
object-group service tcp_709 tcp
 port-object eq 709
object-group service tcp500 tcp
 port-object eq 500
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq 51 log
access-list outside_access_in extended permit udp any any eq isakmp log
access-list outside_access_in extended permit gre any any log
access-list outside_access_in extended permit esp any any log
access-list outside_access_in extended permit ah any any log
access-list outside_access_in extended permit tcp any any eq 709 log
access-list outside_access_in extended permit tcp any any eq ldap log
access-list outside_access_in extended permit tcp any any eq pptp log
access-list outside_access_in extended permit tcp any any eq 47 log
access-list outside_access_in extended permit tcp any any eq 500 log
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap notifications
logging asdm informational
mtu outside 1500
mtu outside_2 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-525.bin
asdm history enable
arp timeout 14400
global (outside) 2 X.X.X.X-X.X.X.X netmask 255.255.255.128
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 NEXT HOP INTERFACE 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp enable outside
crypto isakmp nat-traversal  20
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh 192.168.20.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.20.100-192.168.20.199 inside
dhcpd dns x.x.x.x x.x.x.x interface inside
dhcpd enable inside
!

class-map class_sip_tcp
 match port tcp eq sip
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect tftp
  inspect ipsec-pass-thru
 class class_sip_tcp
  inspect sip
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:490d1d88ccf94e5c4fcb856a7c6f9f34
: end


I have verified my client VPN application utilizies "Enable Transparent Tunneling" feature and still no luck.
I even added this code to see if it works:

crypto isakmp ipsec-over-tcp port 10000 <----default tcp port

and still no luck.

Any and all suggestions are appreciated.


Thanks,
Stomped dude!
 

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close