I have users that can't connect vpn when they are a behind a pix running PAT at another site. I see the traffic hit my ASA but the source port is always something other than 500, is it possible for it to work if the initial packet is not sourced from UDP 500?
NAT-T is enabled and works fine as long as the source port of the initial packet is UDP 500.