Remote VPN client - Pix, can't ping inside network

lamin.sonko
Level 1

I have a VPN client trying to connect to a PIX 515. I can connect from all sites, but can only ping internal devices from some locations. In both cases I get an IP address, GW, DNS. Both of the locations I'm trying use NAT/PAT (behind some firewall). I have looked at some other forum notes; there they recommend "isakmp nat-traversal". Is this a possible solution?

Config:

access-list VPN permit ip 172.16.16.0 255.255.255.0 192.168.40.0 255.255.255.0
ip address inside 172.16.16.2 255.255.255.0
ip local pool VPNKLIENTER 192.168.40.100-192.168.40.150
nat (inside) 0 access-list VPN
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
sysopt connection permit-ipsec
isakmp enable outside
isakmp key xxxxx
isakmp identity address
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash md5
isakmp policy 9 group 1
isakmp policy 9 lifetime 1000
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpnklienter address-pool VPNKLIENTER
vpngroup vpnklienter dns-server 172.16.16.22
vpngroup vpnklienter wins-server martin5 172.16.16.2
vpngroup vpnklienter idle-time 86400
vpngroup vpnklienter password xxx

1 Reply

lamin.sonko
Level 1

Problem solved with "isakmp nat-traversal"
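
An added example, not part of the original thread: a small Python check that reads a PIX 6.x style configuration and reports when remote-access clients are configured without "isakmp nat-traversal", the condition behind the symptom above (IKE completes and the client gets an address, but ESP traffic from behind a PAT device does not pass). It goes beyond the question asked by also flagging the DES, MD5 and group 1 settings in the posted ISAKMP policies; the function name, the sample text and the list of weak values are assumptions of this example.

```python
import re

# Constructed sample: relevant lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
ip local pool VPNKLIENTER 192.168.40.100-192.168.40.150
sysopt connection permit-ipsec
isakmp enable outside
isakmp policy 9 encryption des
isakmp policy 9 hash md5
isakmp policy 9 group 1
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
vpngroup vpnklienter address-pool VPNKLIENTER
"""

# Assumption of this example: values treated as weak ISAKMP policy settings.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}

def audit_pix_vpn(config):
    """Return a list of findings for a remote-access VPN configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    ike_enabled = any(re.fullmatch(r"isakmp enable \S+", ln) for ln in lines)
    has_clients = any(re.match(r"vpngroup \S+ address-pool \S+", ln) for ln in lines)
    # "no isakmp nat-traversal" does not match, so it counts as missing.
    has_natt = any(re.fullmatch(r"isakmp nat-traversal( \d+)?", ln) for ln in lines)
    if ike_enabled and has_clients and not has_natt:
        findings.append(
            "nat-traversal missing: clients behind NAT/PAT can finish IKE on "
            "UDP 500, but ESP has no ports and may be dropped by the PAT device"
        )
    for ln in lines:
        m = re.fullmatch(r"isakmp policy (\d+) (encryption|hash|group) (\S+)", ln)
        if m and m.group(3) in WEAK[m.group(2)]:
            findings.append(f"policy {m.group(1)}: weak {m.group(2)} {m.group(3)}")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_vpn(SAMPLE_CONFIG):
        print(finding)
```

Appending the line "isakmp nat-traversal 20" (20 seconds is the keepalive value) to the sample clears the first finding and leaves only the policy findings.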