VPN client Error -Syslog ID 305006

PROBLEM:

Network topology. Remote brach office with ASA firewall and VPN client on the remote LAN. Central Site with ASA firewall terminating the remote branch VPN client. I can not connect from inside my branch network to central network using VPN client. Earlier i had in my office FreeBSD and did not have this problem (I could connect to Central ASA using VPN client), when i changed FreeBSD to ASA this problem occur. VPN client is connected, tunnel is created but nothing more.
I get an error message :Syslog ID 305006 – regular translation creation failed for protocol 50 src inside:10.0.0.22 dst outside:6.168.y.x

SOLUTION:

On remote branch office ASA use:

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect ipsec-pass-thru
ciscoasa(config-pmap-c)#exit

On Central Office ASA use:

PIX/ASA 7.1 and earlier: pix(config)#isakmp nat-traversal 20

PIX/ASA 7.2(1) and later: securityappliance(config)#crypto isakmp nat-traversal 20

Related posts:

1. Cisco AnyConnect SSL VPN Client on Cisco ASA 5500
2. IP Phones behind a Cisco ASA 5505 Firewall
3. Allowing Microsoft PPTP through Cisco ASA
4. Permitting traffic to enter and exit the same interface
5. Configuring a Warning Login Banner on Cisco ASA Firewall

Tagged with: cisco asa vpn error Syslog ID 305006 • nat transparency • nat-t

Filed under: Cisco ASA Configuration

Like this post? Subscribe to my RSS feed and get loads more!