Our client has a PIX 515E (6.3.4), and there is a workstation trying to use a Juniper VPN client to connect to a vendor network. The VPN client says it is connected, but no vendor IP information is passed on to the local workstation. The client is requesting that ports 500 and 4500 be opened to support this connection. This doesn't seem correct to me. Any suggestions?
A workaround can be permitting tcp 4500, udp 500, esp and ah protocols to the outside interface from any destination:
access-list outside_access_in permit tcp any interface outside eq 4500
access-list outside_access_in permit udp any interface outside eq 500
access-list outside_access_in permit esp any interface outside
If that doesn't work, upgrade your IOS to 7.x; ipsec-pass-through and PAT VPN configs can work at the same time.
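As an added check (my own example, not code from the thread or from Cisco): a small parser that reads PIX 6.x access-list lines in the form the answer uses and reports which of the IPsec pass-through permits (IKE on UDP 500, NAT-T on UDP 4500, and ESP) the named ACL lacks. The grammar it accepts is limited to the `any` / `interface <if>` / `eq <port>` forms shown above; run on the posted lines it flags UDP 4500, because NAT-T (RFC 3948) carries ESP inside UDP, not TCP.

```python
import re

# Constructed, minimal grammar for the PIX 6.x ACL forms used in the answer:
#   access-list NAME permit|deny PROTO any|host X interface IF|any [eq PORT]
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host \S+)\s+(?P<dst>interface \S+|any|host \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

# What an IPsec client behind the firewall needs let through when the inbound
# ACL on the outside interface is the thing blocking it: IKE (UDP 500),
# NAT-T (ESP encapsulated in UDP 4500) and, without NAT-T, raw ESP (IP proto 50).
IPSEC_PASSTHROUGH = {("udp", "500"), ("udp", "4500"), ("esp", None)}

# The three lines posted in the answer, embedded here as sample input.
POSTED_ACL = """\
access-list outside_access_in permit tcp any interface outside eq 4500
access-list outside_access_in permit udp any interface outside eq 500
access-list outside_access_in permit esp any interface outside
"""


def parse_acl(text):
    """Return (name, action, proto, port) tuples for each access-list line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("access-list"):
            continue  # ignore unrelated config lines
        m = ACL_RE.match(line)
        if not m:
            raise ValueError(f"unparsed ACL line: {line}")
        entries.append((m["name"], m["action"], m["proto"].lower(), m["port"]))
    return entries


def missing_ipsec_permits(text, name="outside_access_in"):
    """Return the set of (proto, port) pairs the named ACL does not permit."""
    permitted = {(proto, port) for n, action, proto, port in parse_acl(text)
                 if n == name and action == "permit"}
    return IPSEC_PASSTHROUGH - permitted


if __name__ == "__main__":
    # Expected: {('udp', '4500')} -- the posted ACL opens TCP 4500, not UDP 4500.
    print("missing:", missing_ipsec_permits(POSTED_ACL))
```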