Recently, our PIX-525 was upgraded from v6.3.5 to v.8.0.4. Since the upgrade, the PIX no longer allows connections from remote access clients that are behind a NAT boundary. Most of our clients are running WinXP or Vista.
I have entered the 'cry isa nat-t 60' command, but connections are still not allowed. Remote access is working correctly for all clients who are not behind a NAT boundary, so the issue is definitely with NAT traversal.
Below is my DefaultRAGroup setup. I am sure that it is something I am mising with reagrds to the new commands present in version 7.0 and above, as I am only used to working with v6.3.
tunnel-group DefaultRAGroup general-attributes
authentication-server-group (outside) RADIUS
tunnel-group DefaultRAGroup ipsec-attributes
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1