Re: [fw-wiz] Pix - portmap translation creation failed

• Previous message: Crissup, John (MBNP is): "[fw-wiz] Pix - portmap translation creation failed"
• In reply to: Crissup, John (MBNP is): "[fw-wiz] Pix - portmap translation creation failed"
• Next in thread: Joe Ippolito: "Re: [fw-wiz] Pix - portmap translation creation failed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Crissup, John (MBNP is)" <John.Crissup@us.millwardbrown.com>
Date: Mon, 02 Feb 2004 17:50:21 +0100

Hi,

you should use the option "sysopt connection permit-ipsec" on your
config to let ipsec traffic pass through the pix. You should take car of
the nat-travsersal options that your vpn-client should have.

Cheers

Javier Sanchez Llera
jsanchez@myalert.com
Systems Administrator
MyAlert.com

El lun, 02-02-2004 a las 16:38, Crissup, John (MBNP is) escribió:
> OK, folks, need your help. We have a user trying to VPN out of our network
> using a Netscreen or SafeNet (??) client (Sorry, got that second hand and am
> not up on Netscreen products). I'm seeing a syslog entry being generated by
> the PIX for message %PIX-3-305006. The exact error follows (appropriately
> scrubbed)...
>
> %PIX-3-305006: portmap translation creation failed for protocol 50 src
> inside:172.20.1.1 dst outside:A.B.C.D
>
> My PIX 520 (Ver 6.3.1) is configured to use PAT for all Internet bound
> traffic. A search of Cisco's site turns up nothing about this particular
> error except a bug report that the documentation needs to be updated to show
> this error. Can anyone offer some direction on how to resolve this?
>
> As always, thanks in advance for any assistance you can offer.
>
> --
>
> John M. Crissup
> Network Systems Engineer
> Global Network Services
>
> Millward Brown
> 535 E. Diehl Rd.
> Naperville, IL 60563
>
> ====================================================
> This email is confidential and intended solely for the use of the
> individual or organisation to whom it is addressed. Any opinions or
> advice presented are solely those of the author and do not necessarily
> represent those of the Millward Brown Group of Companies. If you are
> not the intended recipient of this email, you should not copy, modify,
> distribute or take any action in reliance on it. If you have received
> this email in error please notify the sender and delete this email
> from your system. Although this email has been checked for viruses
> and other defects, no responsibility can be accepted for any loss or
> damage arising from its receipt or use.
> ====================================================
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Crissup, John (MBNP is): "[fw-wiz] Pix - portmap translation creation failed"
• In reply to: Crissup, John (MBNP is): "[fw-wiz] Pix - portmap translation creation failed"
• Next in thread: Joe Ippolito: "Re: [fw-wiz] Pix - portmap translation creation failed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]