I have an ASA5505 as the router to the internet for my home PC. The config is just to NAT the private addresses to the public on the outside interface.
I can go to the Internet just fine. (I am writing this post thru that configuration right now.) The problem is when I make the VPN connection (with Cisco VPN Client) to my office: although the VPN Client reports "Connected", I cannot access anything there and the log on the ASA keeps showing
%ASA-3-305006: regular translation creation failed for protocol 50 src inside:172.31.1.3 dst outside:x.y.z.t
%ASA-3-305006: regular translation creation failed for protocol 50 src inside:172.31.1.3 dst outside:x.y.z.t
%ASA-3-305006: regular translation creation failed for protocol 50 src inside:172.31.1.3 dst outside:x.y.z.t
When I replace the ASA5505 with a Cisco 871, everything works fine.
Below is my configuration:

ASA Version 7.2(3)
!
hostname a5505-1
enable password xYzTxYzT encrypted
names
!
interface Vlan1
 nameif inside
 security-level 1
 ip address 172.31.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 dhcp client update dns
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xYzT encrypted
ftp mode passive
dns domain-lookup outside
access-list out_in extended permit esp any any
access-list out_in extended permit udp any any eq isakmp
access-list out_in extended permit udp any any eq 4500
access-list out_in extended permit tcp any any eq ssh
access-list out_in extended permit icmp any any
access-list nat_conversion extended permit ip 172.31.1.0 255.255.255.0 any
access-list nat_conversion extended permit ip 192.168.0.0 255.255.255.0 any
pager lines 24
logging console notifications
logging monitor debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 access-list nat_conversion
access-group out_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp enable outside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
!
dhcpd address 172.31.1.2-172.31.1.15 inside
dhcpd update dns interface inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username nov_ezvpn_user2 password Qr4CR53E2Slxxx encrypted
username nov_ezvpn_user1 password .c9X1tUCiUaJxxx encrypted
prompt hostname context
Cryptochecksum:be358d2bc37be11be0477ed7f8b61764
: end
a5505-1(config)#
Any advice is greatly appreciated.
Dt