: Saved
:
! Device identity, local passwords and the host/network aliases used by the
! rest of the configuration. Values shown as "xxxx" were masked by the poster.
! NOTE(review): the PIX platform is end-of-life, so a device on this image
! presumably no longer receives security fixes - confirm and plan migration.
PIX Version 8.0(4)
!
hostname xxx
domain-name cxxxx
! NOTE(review): these two hashes are masked, but the "username admin" hash
! later in this listing is not. A password hash that has been published should
! be treated as exposed and the credential rotated.
enable password xxxx encrypted
passwd xxxx encrypted
names
! The two masked aliases below are the individual hosts that the ssh
! statements allow in on the outside interface.
name xxxx Mark-Home
name xxxx Dex-Backdoor
! Remote networks (used in object-group GreenBay-Nets and the ssh statements).
name 10.200.144.0 Corporate
name 206.90.10.0 EEtime
name 10.132.17.0 DMZ
! Trev-Storage01 is the inside host behind the static port translations.
name 10.190.150.22 Trev-Storage01
name 10.200.145.207 Server-Gbay-linux01
name 10.200.42.0 VPN-Pool
name 10.190.150.20 Trev-DC01
name 10.190.150.21 Trev-DC02
dns-guard
!
! Interface definitions. Ethernet0 is the untrusted side (security-level 0)
! and Ethernet1 the trusted side (security-level 100); both carry a standby
! address for the failover peer.
interface Ethernet0
nameif outside
security-level 0
ip address 173.161.179.105 255.255.255.248 standby 173.161.179.106
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.190.150.1 255.255.255.0 standby 10.190.150.2
!
! Ethernet2 is addressed and named DMZ but administratively shut down.
interface Ethernet2
shutdown
nameif DMZ
security-level 50
ip address 10.190.153.1 255.255.255.0
!
! Ethernet3-5 are unused: shut down and without an IP address.
interface Ethernet3
shutdown
nameif intf3
security-level 6
no ip address
!
interface Ethernet4
shutdown
nameif intf4
security-level 8
no ip address
!
interface Ethernet5
shutdown
nameif intf5
security-level 10
no ip address
!
! Boot image, clock, DNS defaults and the object groups used by the ACLs.
boot system flash:/pix804.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxx
! Both statements relax default isolation: traffic may pass between interfaces
! of equal security level, and may enter and leave the same interface.
! NOTE(review): no two active interfaces here share a security level, so the
! inter-interface permit looks unnecessary - confirm before removing.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Remote networks referenced by the nonat, ToGreenBay and interface ACLs.
! Corporate is a /21 here; the later "ssh Corporate" statement uses a /22.
object-group network GreenBay-Nets
network-object Corporate 255.255.248.0
network-object EEtime 255.255.254.0
network-object DMZ 255.255.255.0
network-object VPN-Pool 255.255.255.0
! Despite the name this is TCP 990 plus 2000-2010, not port 21.
! NOTE(review): presumably implicit FTPS control plus a passive data range.
object-group service FTP tcp
port-object eq 990
port-object range 2000 2010
! --- nonat: traffic exempted from translation by "nat (inside) 0" ---
access-list nonat extended permit ip 10.190.150.0 255.255.255.0 object-group GreenBay-Nets
access-list nonat extended permit ip 10.190.150.0 255.255.255.0 170.212.102.0 255.255.255.0
! NOTE(review): source "any" in a NAT-exemption list for the inside interface
! is unusually broad; confirm it is intentional rather than a leftover.
access-list nonat extended permit ip any 10.190.150.0 255.255.255.0
! --- ToGreenBay: traffic selector for crypto map outside_map entry 1 ---
access-list ToGreenBay extended permit ip 10.190.150.0 255.255.255.0 object-group GreenBay-Nets
! --- outside_access_in: applied inbound on the outside interface ---
! Because "no sysopt connection permit-vpn" is set, decrypted tunnel traffic is
! also checked against this list; the two "permit ip" network entries are what
! admit it. Both allow every IP protocol and port.
! NOTE(review): narrow these to the services the remote sites actually need.
access-list outside_access_in extended permit ip object-group GreenBay-Nets any
! Any Internet source may reach TCP 990 and 2000-2010 on the outside address,
! which the static translations forward to Trev-Storage01.
access-list outside_access_in extended permit tcp any host 173.161.179.105 object-group FTP
! NOTE(review): every ICMP type is allowed from any source to any destination;
! consider limiting this to the reply and error types that are needed.
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip 170.212.102.0 255.255.255.0 10.190.150.0 255.255.255.0
! --- ToHUP: traffic selector for crypto map outside_map entry 2 ---
access-list ToHUP extended permit ip 10.190.150.0 255.255.255.0 170.212.102.0 255.255.255.0
! --- inside_access_in: applied inbound on the inside interface ---
! The last entry permits all IP from the inside subnet to anywhere, so there is
! no egress filtering for that subnet; the entries above it only add coverage
! for source addresses outside 10.190.150.0/24.
access-list inside_access_in extended permit ip any object-group GreenBay-Nets
access-list inside_access_in extended permit ip any 170.212.102.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip 10.190.150.0 255.255.255.0 any
! Logging, MTU, failover and ICMP-to-the-box settings.
pager lines 24
logging enable
logging asdm informational
! NOTE(review): a syslog host is defined but no "logging trap" severity is
! visible in this listing; confirm one is set, otherwise the host may receive
! nothing. The host address sits in the Corporate range yet is declared as
! reachable via the inside interface - verify the path.
logging host inside 10.200.145.219
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
! This unit is the failover primary; the shut-down interfaces are excluded
! from health monitoring.
! NOTE(review): no "failover key" is visible here; if none is configured the
! failover link is neither authenticated nor encrypted - confirm.
failover
failover lan unit primary
no monitor-interface DMZ
no monitor-interface intf3
no monitor-interface intf4
no monitor-interface intf5
icmp unreachable rate-limit 1 burst-size 1
! The firewall itself answers ICMP from any source on both interfaces.
! NOTE(review): consider restricting ICMP to the outside interface address to
! the message types needed for path-MTU discovery and troubleshooting.
icmp permit any outside
icmp permit any inside
asdm image flash:/asdm-61551.bin
asdm history enable
arp timeout 14400
! Address translation, ACL bindings and the default route.
! nat-control requires a translation rule (or exemption) for inside hosts to
! pass traffic to the outside.
nat-control
! Inside subnet is port-translated to the outside interface address, except
! for flows matched by ACL nonat, which are left untranslated.
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.190.150.0 255.255.255.0
! Static port translations: TCP 990 and 2000-2010 on the outside interface
! address are forwarded to the same ports on Trev-Storage01. Together with the
! "permit tcp any" entry in outside_access_in this publishes that host to the
! Internet on those ports.
! NOTE(review): if the clients are known, restrict the source in the ACL.
static (inside,outside) tcp interface 990 Trev-Storage01 990 netmask 255.255.255.255
static (inside,outside) tcp interface 2000 Trev-Storage01 2000 netmask 255.255.255.255
static (inside,outside) tcp interface 2001 Trev-Storage01 2001 netmask 255.255.255.255
static (inside,outside) tcp interface 2002 Trev-Storage01 2002 netmask 255.255.255.255
static (inside,outside) tcp interface 2003 Trev-Storage01 2003 netmask 255.255.255.255
static (inside,outside) tcp interface 2004 Trev-Storage01 2004 netmask 255.255.255.255
static (inside,outside) tcp interface 2005 Trev-Storage01 2005 netmask 255.255.255.255
static (inside,outside) tcp interface 2006 Trev-Storage01 2006 netmask 255.255.255.255
static (inside,outside) tcp interface 2007 Trev-Storage01 2007 netmask 255.255.255.255
static (inside,outside) tcp interface 2008 Trev-Storage01 2008 netmask 255.255.255.255
static (inside,outside) tcp interface 2009 Trev-Storage01 2009 netmask 255.255.255.255
static (inside,outside) tcp interface 2010 Trev-Storage01 2010 netmask 255.255.255.255
! Bind the interface ACLs (inbound direction on each interface).
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 173.161.179.110 1
! Connection/translation idle timers, AAA and the ASDM (HTTPS) server.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
! The TACACS+ and RADIUS groups are declared but no server hosts are visible
! in this listing; HTTP and SSH administration authenticate against LOCAL.
! NOTE(review): no "aaa authentication" line is visible for telnet, enable or
! the serial console, so those presumably fall back to the shared passwd /
! enable passwords - confirm and add per-user authentication if so.
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
! ASDM is reachable from the whole inside subnet.
! NOTE(review): consider limiting this to the administrators' workstations.
http server enable
http 10.190.150.0 255.255.255.0 inside
! Decrypted VPN traffic is NOT exempted from the interface ACLs, so tunnel
! flows must be permitted explicitly in outside_access_in.
no sysopt connection permit-vpn
! Site-to-site IPsec: one transform set, two crypto-map entries on the
! outside interface, and a single IKE (ISAKMP) policy.
! NOTE(review): 3DES with MD5 is a legacy suite; where the peers support it,
! prefer AES with SHA for both the transform set and the IKE policy.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! Entry 1: inside subnet <-> GreenBay-Nets via peer 74.87.120.3.
! NOTE(review): neither entry has a "set pfs" line visible, so phase-2 keys
! presumably derive from the phase-1 exchange - confirm whether that is wanted.
crypto map outside_map 1 match address ToGreenBay
crypto map outside_map 1 set peer 74.87.120.3
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
! Entry 2: inside subnet <-> 170.212.102.0/24 via peer 165.123.243.156.
crypto map outside_map 2 match address ToHUP
crypto map outside_map 2 set peer 165.123.243.156
crypto map outside_map 2 set transform-set ESP-3DES-MD5
crypto map outside_map 2 set security-association lifetime seconds 28800
crypto map outside_map 2 set security-association lifetime kilobytes 4608000
crypto map outside_map interface outside
crypto isakmp enable outside
! IKE phase 1: pre-shared key, 3DES, MD5, Diffie-Hellman group 2, 24 h lifetime.
! NOTE(review): group 2 is a 1024-bit group; use a larger group if both peers
! support it, and make sure the pre-shared keys are long and random.
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp ipsec-over-tcp port 10000
! Management-plane access lists and session timers.
! NOTE(review): telnet carries credentials in cleartext and is allowed from the
! whole inside subnet; SSH is already configured, so telnet can likely be
! removed - confirm nothing depends on it.
telnet 10.190.150.0 255.255.255.0 inside
telnet timeout 5
! SSH is accepted on the outside interface from two single hosts (addresses
! masked in the names section) and from 74.87.120.0/24, the range that contains
! VPN peer 74.87.120.3.
! NOTE(review): Internet-facing SSH to the firewall should be kept to the
! smallest set of sources possible; reaching it over the VPN is preferable.
ssh Mark-Home 255.255.255.255 outside
ssh Dex-Backdoor 255.255.255.255 outside
ssh 74.87.120.0 255.255.255.0 outside
! Corporate is matched as a /22 here but as a /21 in object-group
! GreenBay-Nets - presumably one of the two masks is a typo; verify.
ssh Corporate 255.255.252.0 inside
ssh 10.190.150.0 255.255.255.0 inside
ssh VPN-Pool 255.255.255.0 inside
! 60-minute SSH idle timeout; protocol version 1 is not accepted.
ssh timeout 60
ssh version 2
! NOTE(review): a console timeout of 0 means an abandoned serial session is
! never logged out; set a finite value unless physical access is controlled.
console timeout 0
! Allows management of the inside interface address through a VPN tunnel.
management-access inside
! Threat detection, time source, default VPN policy, local user and the
! tunnel groups for the two site-to-site peers.
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): a single NTP server reached over the outside interface, with no
! NTP authentication visible in this listing; log timestamps depend on it.
ntp server 129.6.15.28 source outside prefer
! VPN sessions inheriting the default group policy never idle out.
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
! NOTE(review): this privilege-15 password hash was posted unmasked. The hash
! format on this software is a legacy one; treat the password as exposed,
! change it, and mask such lines before sharing a configuration.
username admin password gyjIcGFjFJD2hDjw encrypted privilege 15
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
! LAN-to-LAN tunnel groups; "*" is how the device displays the pre-shared key,
! so the key values themselves are not disclosed in this listing.
tunnel-group 74.87.120.3 type ipsec-l2l
tunnel-group 74.87.120.3 ipsec-attributes
pre-shared-key *
tunnel-group 165.123.243.156 type ipsec-l2l
tunnel-group 165.123.243.156 ipsec-attributes
pre-shared-key *
!
! Application inspection: one class matching the default inspection ports,
! applied globally through policy-map global_policy.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection drops messages longer than 512 bytes.
! NOTE(review): that limit can break larger EDNS0/DNSSEC responses - confirm it
! is still appropriate for the resolvers in use.
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
! NOTE(review): the list below enables many inspection engines (rsh, xdmcp,
! sqlnet, netbios, skinny, ...). Each engine parses traffic and may open
! secondary connections; consider disabling those for protocols that do not
! cross this firewall. Also, "inspect ftp" cannot read an encrypted control
! channel, which is presumably why TCP 2000-2010 is forwarded statically.
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
inspect ipsec-pass-thru
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a19ec61b7a1513513a0c2236e0fc6b15
: end
|