Allowing VPN/L2TP through ASA

Whilst there probably is many answers to the problem “allowing VPN through ASA”, the following will fix problems with regards clients on the inside trying to establish a VPN-connection (L2TP) to remote peer on the outside.
The logs show the following error: “regular translation creation failed for protocol 47 src such and such

Due to the fact GRE is portless, and encapsulates IP-packets before it is passed on to the transport layer, the ASA struggles a bit getting a NAT going for these connections.
This can be fixed, however, by inspecting PPTP.

Inspection of PPTP is done as follows
PPTP-inspection-asa

Hope this helps.

Download as PDF
5.00 avg. rating (99% score) - 1 vote

Author: Gos

Have been working in the IT business since 2003 and have had network and security as field of focus since 2008.

Leave a Reply

Your email address will not be published. Required fields are marked *