Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Pix - portmap translation creation failed

Re: Pix - portmap translation creation failed

From: Javier Sanchez Llera <jsanchez_at_myalert.com>
Date: Mon, 02 Feb 2004 17:50:21 +0100

Hi,

you should use the option "sysopt connection permit-ipsec" on your
config to let ipsec traffic pass through the pix. You should take car of
the nat-travsersal options that your vpn-client should have.

Cheers

Javier Sanchez Llera
jsanchez_at_myalert.com
Systems Administrator
MyAlert.com

El lun, 02-02-2004 a las 16:38, Crissup, John (MBNP is) escribió:
> OK, folks, need your help. We have a user trying to VPN out of our network
> using a Netscreen or SafeNet (??) client (Sorry, got that second hand and am
> not up on Netscreen products). I'm seeing a syslog entry being generated by
> the PIX for message %PIX-3-305006. The exact error follows (appropriately
> scrubbed)...
>
> %PIX-3-305006: portmap translation creation failed for protocol 50 src
> inside:172.20.1.1 dst outside:A.B.C.D
>
> My PIX 520 (Ver 6.3.1) is configured to use PAT for all Internet bound
> traffic. A search of Cisco's site turns up nothing about this particular
> error except a bug report that the documentation needs to be updated to show
> this error. Can anyone offer some direction on how to resolve this?
>
> As always, thanks in advance for any assistance you can offer.
>
> --
>
> John M. Crissup
> Network Systems Engineer
> Global Network Services
>
> Millward Brown
> 535 E. Diehl Rd.
> Naperville, IL 60563
>
> ====================================================
> This email is confidential and intended solely for the use of the
> individual or organisation to whom it is addressed. Any opinions or
> advice presented are solely those of the author and do not necessarily
> represent those of the Millward Brown Group of Companies. If you are
> not the intended recipient of this email, you should not copy, modify,
> distribute or take any action in reliance on it. If you have received
> this email in error please notify the sender and delete this email
> from your system. Although this email has been checked for viruses
> and other defects, no responsibility can be accepted for any loss or
> damage arising from its receipt or use.
> ====================================================
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 02 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos