Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
1
Replies

NAT Problem IPSEC 8.3

rasoftware
Level 1
Level 1

‎05-24-2011 06:12 AM - edited ‎03-11-2019 01:37 PM

I've setup many IPSECs on previous ASA and PIXs but I have a problem with 8.3

I've used the setup wizzard and created a IPSEC rules etc and the tunnel comes up but I've noticed the way NAT excemption has changed.  I can see the two rules added by the wizzard.

I can however only ping the internal side of the ASA and nothing behind it.  Same is happening on two IPSEC tunnels from 7.2 ASAs.

In the logs I see "regular translation creation failed for icmp src inside:192.168.105.51 des outside 192.168.150.5  (105 being the LAN im pinging via the tunnel).

It says a protocol failed to create a tranaltion through the appliance.

Not sure where to look on this as it seems a translation problem.

I have PAT set also for all other traffic.

Labels:
0 Helpful
1 Reply 1

rasoftware
Level 1
Level 1

‎05-24-2011 06:31 AM

Ah i sussed it. 

The NAT exception rules apply in order like firewall rules.  Changed order and now its working.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card