I'm trying to set up a site-to-site PIX VPN to an IP address that isn't the exact IP address of the outside interface. I get the following error in the syslog and the VPN cannot connect:
Message=<163>Oct 21 2008 21:14:26: %PIX-3-106011: Deny inbound (No xlate) udp src outside:71.xxx.xxx.xxx/500 dst outside:99.xxx.xxx.xx5/500
I cannot figure out why the error lists both interfaces as Outside even though the PIX should be terminating the VPN.
It won't work because the crypto map is applied ON the outside interface. You MIGHT be able to pull this off with some port redirection but I've never done this.
Or terminate VPN on something at the back and do one-to-one NAT pointing to .149 for that VPN endpoint. You can also just put the .149 on the outside interface.