Cisco PIX 501 - VPNC connections blocked from internal lan to external end-point
in [Cisco]
|
Prev: I BUY USED AND NEW CISCO AND OTHER EQUIPMENT
Next: Cisco PIX 501 - VPNC connections blocked from internal lan to external end-point [SOLVED]
From: Scott Lowe on 27 Jun 2010 01:15 On 2010-06-26 06:44:58 -0400, ziikell101 said: > Here are the logs on the PIX during the session set-up and an ICMP ping > to a known router on the other side of the VPN: > > > ### VPNC sets up the connection : vpnc --dpd-idle 0 tt > 302015: Built outbound UDP connection 40 for outside:62.12.12.12/500 > (62.58.16.86/500) to inside:10.90.90.100/500 (10.90.80.105/3) > 710005: UDP request discarded from 62.12.12.12/500 to outside:10.90.80.105/2 > > ### PINGs are sent, and lost > 305006: portmap translation creation failed for protocol 50 src > inside:10.90.90.100 dst outside:62.12.12.12 > 305006: portmap translation creation failed for protocol 50 src > inside:10.90.90.100 dst outside:62.12.12.12 > 305006: portmap translation creation failed for protocol 50 src > inside:10.90.90.100 dst outside:62.12.12.12 > 305006: portmap translation creation failed for protocol 50 src > inside:10.90.90.100 dst outside:62.12.12.12 It looks like the PIX is blocking ESP (IP protocol 50), which is generally required in order for IPSec to work properly. You probably need to enable NAT traversal on your IPSec client so that it can encapsulate the traffic in TCP or UDP and help it work correctly with NAT. -- Scott Lowe Author, "Mastering VMware vSphere 4" and "VMware vSphere 4 Administration Instant Reference" http://blog.scottlowe.org |