I'm trying to configure a site-to-site VPN connection with PIX 515E 6.3(5) on my end and Checkpoint at the other end.
host (172.30.10.x)--->PIX 515e---------Checkpoint<---host.
The problem is when communications are initiated from the 172.30.10.x host, I can see the PIX encrypt packets leaving my PIX and decrypt packets coming back in (using PDM VPN IPsec monitoring), but it appears that the packets aren't making it through the PIX back to the host.
I have also captured this traffic at the PIX and see only the outgoing packets:
03:40:56.187154 172.30.10.x.3453 > y.y.y.y.699: S 242989206:242989206(0) win 16384 <mss 1460,nop,nop,sackOK>
Host 172.30.10.x is NAT'd to 65.125.108.x at the PIX. I have a local Cisco tech working on this as well as a TAC case open. No one seems to be able to determine what is going on. Is there a bug in 6.3(5) that prevents NATing over a Site-to-Site VPN configuration like this?