Am attempting to have a user build a VPN related session, from a node on the inside of my FW, to a VPN host at AT&T. I see the following session build on the FW:
<166>Aug 23 2007 08:38:13: %PIX-6-302015: Built outbound UDP connection 140948597 for outside:188.8.131.52/500 (184.108.40.206/500) to inside:172.17.28.169/1019 (220.127.116.11/663) (bhuffman)
<166>Aug 23 2007 08:40:17: %PIX-6-302016: Teardown UDP connection 140948597 for outside:18.104.22.168/500 to inside:172.17.28.169/1019 duration 0:02:03 bytes 3917 (bhuffman)
Yet, when what appears to be the return session attempts to connect across my outside interface, I see the following:
<163>Aug 23 2007 08:40:14: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:22.214.171.124 dst outside:126.96.36.199
Am I missing something on my PIX FW config to allow vpn related traffic? FYI, this user is in a security group associated with an access-list on the firewall that allows ip any any outbound.
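Added example, not part of the original post: a Python triage script that parses the 302015 and 106011 message formats quoted above and reports protocol 50 (ESP) denies whose source and destination match the peer and translated address of a recently built UDP/500 (IKE) connection. The sample lines are constructed with documentation addresses, and the function name and the 300-second window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the PIX syslog format quoted in the post (documentation addresses).
SAMPLE = """\
<166>Aug 23 2007 08:38:13: %PIX-6-302015: Built outbound UDP connection 1001 for outside:198.51.100.10/500 (198.51.100.10/500) to inside:10.0.0.5/1019 (203.0.113.2/663) (user1)
<163>Aug 23 2007 08:40:14: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:198.51.100.10 dst outside:203.0.113.2
<166>Aug 23 2007 08:40:17: %PIX-6-302016: Teardown UDP connection 1001 for outside:198.51.100.10/500 to inside:10.0.0.5/1019 duration 0:02:03 bytes 3917 (user1)
<163>Aug 23 2007 09:15:00: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:192.0.2.77 dst outside:203.0.113.2
"""

HEAD = re.compile(r"^<\d+>(\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %PIX-\d-(\d{6}): (.*)$")
BUILT = re.compile(r"Built outbound UDP connection \d+ for outside:([\d.]+)/500 \([\d.]+/\d+\) "
                   r"to inside:([\d.]+)/\d+ \(([\d.]+)/\d+\)(?: \(([^)]+)\))?")
DENY = re.compile(r"Deny inbound \(No xlate\) protocol (\d+) src outside:([\d.]+) dst outside:([\d.]+)")

def correlate(text, window_s=300):
    """Return ESP (protocol 50) denies that match an IKE (UDP/500) connection
    by peer address and translated address within window_s seconds."""
    ike, findings = [], []
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "302015" and (b := BUILT.search(body)):
            # Remember who opened IKE to which peer, and the address it was translated to.
            ike.append({"ts": ts, "peer": b.group(1), "inside": b.group(2),
                        "mapped": b.group(3), "user": b.group(4)})
        elif msg_id == "106011" and (d := DENY.search(body)) and d.group(1) == "50":
            for s in ike:
                near = abs((ts - s["ts"]).total_seconds()) <= window_s
                if near and s["peer"] == d.group(2) and s["mapped"] == d.group(3):
                    findings.append({"deny_ts": ts, "peer": s["peer"],
                                     "inside": s["inside"], "user": s["user"]})
                    break
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        print(f"{f['deny_ts']}  ESP from {f['peer']} dropped; "
              f"IKE was opened by {f['inside']} ({f['user']})")
```
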