as I'm not a PIX specialist and have not yet found any enlightening information on the web I ask here:
I have a VPN client that tries to connect to a PIX. In a wireshark trace I see that it changes from ISAKMP to UDP port 4500 which in my opinion occurs when NAT is in between. I do not see any reply from my PIX to the port 4500 messages but only retries on ISAKMP - finally the connection is not established.
Are there any special commands needed to allow port 4500 on the PIX? I have at least "crypto isakmp enable" and "crypto isakmp nat-traversal 20", furthermore there's an access-list on the outside interface (in my opinion this access-list should not be looked at because ISAKMP/4500 ends on the PIX).
Any hint or question is appreciated.