I have a machine in the DMZ of our PIX 515E (6.3.3) that needs to connect to an outside IP address. It has Cisco VPN Client 4.0.4D, and it is set up to allow transparent tunneling and to use IPSEC over UDP (NAT/PAT). If I give it a public IP and stick it on the outside, everything works.
Using debug, I can see it is trying to connect to port 500 on the other side, but it gets no response.
I have a static NAT through the firewall, I have fixup protocol esp-ike, and I have allowed UDP ports 500, 4500 and 1000 for the DMZ and outside addresses.
Can anyone tell me what I am missing?