Firewall Wizards mailing list archives
Re: Pix - portmap translation creation failed
From: Javier Sanchez Llera <jsanchez () myalert com>
Date: Mon, 02 Feb 2004 17:50:21 +0100
Hi, you should use the option "sysopt connection permit-ipsec" on your config to let ipsec traffic pass through the pix. You should take car of the nat-travsersal options that your vpn-client should have. Cheers Javier Sanchez Llera jsanchez () myalert com Systems Administrator MyAlert.com El lun, 02-02-2004 a las 16:38, Crissup, John (MBNP is) escribió:
OK, folks, need your help. We have a user trying to VPN out of our network using a Netscreen or SafeNet (??) client (Sorry, got that second hand and am not up on Netscreen products). I'm seeing a syslog entry being generated by the PIX for message %PIX-3-305006. The exact error follows (appropriately scrubbed)... %PIX-3-305006: portmap translation creation failed for protocol 50 src inside:172.20.1.1 dst outside:A.B.C.D My PIX 520 (Ver 6.3.1) is configured to use PAT for all Internet bound traffic. A search of Cisco's site turns up nothing about this particular error except a bug report that the documentation needs to be updated to show this error. Can anyone offer some direction on how to resolve this? As always, thanks in advance for any assistance you can offer. -- John M. Crissup Network Systems Engineer Global Network Services Millward Brown 535 E. Diehl Rd. Naperville, IL 60563 ==================================================== This email is confidential and intended solely for the use of the individual or organisation to whom it is addressed. Any opinions or advice presented are solely those of the author and do not necessarily represent those of the Millward Brown Group of Companies. If you are not the intended recipient of this email, you should not copy, modify, distribute or take any action in reliance on it. If you have received this email in error please notify the sender and delete this email from your system. Although this email has been checked for viruses and other defects, no responsibility can be accepted for any loss or damage arising from its receipt or use. ==================================================== _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Pix - portmap translation creation failed Crissup, John (MBNP is) (Feb 02)
- Re: Pix - portmap translation creation failed Javier Sanchez Llera (Feb 02)
- <Possible follow-ups>
- Re: Pix - portmap translation creation failed Joe Ippolito (Feb 02)