Am attempting to have a user build a VPN related session, from a node on the inside of my FW, to a VPN host at AT&T. I see the following session build on the FW:
<166>Aug 23 2007 08:38:13: %PIX-6-302015: Built outbound UDP connection 140948597 for outside:184.108.40.206/500 (220.127.116.11/500) to inside:172.17.28.169/1019 (18.104.22.168/663) (bhuffman)
<166>Aug 23 2007 08:40:17: %PIX-6-302016: Teardown UDP connection 140948597 for outside:22.214.171.124/500 to inside:172.17.28.169/1019 duration 0:02:03 bytes 3917 (bhuffman)
Yet, when what appears to be the return session attempts to connect across my outside interface, I see the following:
<163>Aug 23 2007 08:40:14: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:126.96.36.199 dst outside:188.8.131.52
Am I missing something on my PIX FW config to allow vpn related traffic? FYI, this user is in a security group associated with an access-list on the firewall that allows ip any any outbound.
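The correlation described in the post, as an added example that is not part of the original post: it pairs each outbound UDP/500 (IKE) connection with any "No xlate" denial of IP protocol 50 (ESP) from the same peer while that connection was open. The sample lines are constructed in the same PIX syslog format using documentation addresses, and the names `correlate` and `when` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the post); addresses are documentation
# ranges and the connection id and user name are made up.
SAMPLE = """\
<166>Aug 23 2007 08:38:13: %PIX-6-302015: Built outbound UDP connection 1001 for outside:203.0.113.10/500 (203.0.113.10/500) to inside:10.0.0.5/1019 (198.51.100.1/663) (user1)
<163>Aug 23 2007 08:40:14: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:203.0.113.10 dst outside:198.51.100.1
<166>Aug 23 2007 08:40:17: %PIX-6-302016: Teardown UDP connection 1001 for outside:203.0.113.10/500 to inside:10.0.0.5/1019 duration 0:02:03 bytes 3917 (user1)
<163>Aug 23 2007 09:15:00: %PIX-3-106011: Deny inbound (No xlate) protocol 50 src outside:192.0.2.77 dst outside:198.51.100.1
"""

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
BUILT = re.compile(TS + r"%PIX-6-302015: Built outbound UDP connection (?P<id>\d+) "
                   r"for outside:(?P<peer>[\d.]+)/(?P<port>\d+) .*? to inside:(?P<host>[\d.]+)/")
TEARDOWN = re.compile(TS + r"%PIX-6-302016: Teardown UDP connection (?P<id>\d+) ")
DENY = re.compile(TS + r"%PIX-3-106011: Deny inbound \(No xlate\) protocol (?P<proto>\d+) "
                  r"src outside:(?P<src>[\d.]+) dst outside:(?P<dst>[\d.]+)")

def when(m):
    return datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")

def correlate(lines):
    """Return ESP denials that fall inside an IKE (UDP/500) session with the same peer."""
    sessions, denies = {}, []
    for line in lines:
        if (m := BUILT.search(line)) and m["port"] == "500":      # UDP/500 = IKE
            sessions[m["id"]] = {"peer": m["peer"], "host": m["host"],
                                 "start": when(m), "end": None}
        elif (m := TEARDOWN.search(line)) and m["id"] in sessions:
            sessions[m["id"]]["end"] = when(m)
        elif (m := DENY.search(line)) and m["proto"] == "50":     # IP protocol 50 = ESP
            denies.append((when(m), m["src"], m["dst"]))
    findings = []
    for ts, src, dst in denies:
        for cid, s in sessions.items():
            still_open = s["end"] is None or ts <= s["end"]
            if src == s["peer"] and s["start"] <= ts and still_open:
                findings.append({"conn": cid, "inside_host": s["host"], "peer": src,
                                 "denied_dst": dst, "at": ts.isoformat(sep=" ")})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE.splitlines()):
        print(f)
```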