Just came across an issue with ASA 5540 and PIX 7.1.
There is a VPN client behind the ASA and the ASA is a PAT device. The ASA is just a pass-through device which needs to allow the vpn traffic through it connecting to a remote server.
I have enabled sysopt connection permit vpn, and i have also temporarily allowed all traffic (IP and ICMP) interfaces.
I was able to connect to the remote server through the Cisco VPN client and enter the user credentials. But beyond that, I was not able to do anything. This was happening even after I enabled NAT-T on the firewall (isakmp nat-traversal 20).
I was not able to ping to the remote server. But after I did a one-to-one static NAT for my machine, I was able to ping the server.
So, basically, PAT was the reason for which I was not able to connect, as static NAT resolved the issue. Cisco recommends one solution NAT-T and even that has been tried.
Do you have any suggestions on what else could be tried?
Looking forward to your help in this regard.
Thanks a lot