Okay, this happens to be the weirdest thing I've seen. Here is the setup. I have a PIX 515E firewall. I have VPN set up on it so my users can connect remotely from across the country.
I have one set of users who can't connect. Let me clarify. The VPN client connects, they are given an IP by the firewall, but they can't send traffic over the tunnel. I've tried pinging everything from the inside interface of the firewall to servers behind it and nothing. Now the set of users that aren't working all exist in the same location, running on the same network, and behind their own firewall. And they were working up until a week ago. Their provider says he hasn't changed anything on his firewall and I know I haven't changed anything on mine. So any help would be greatly appreciated.
Please turn on NAT traversal on your PIX firewall:
crypto isakmp nat-traversal
That would encapsulate the ESP in UDP/4500. It looks like it fails due to the NAT device they are behind at that particular location.
Hope that helps.
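To confirm from a packet capture whether the ESP traffic is really being carried in UDP/4500, the following sketch labels raw IPv4 packets using the RFC 3948 framing (non-ESP marker, UDP-encapsulated ESP, one-byte keepalive). It is an added example, not part of the original posts; the function names and the sample packets are constructed, and packets are assumed to be unfragmented.

```python
import struct
from collections import Counter

IKE_PORT, NATT_PORT = 500, 4500   # UDP ports used by IKE and NAT-T
PROTO_UDP, PROTO_ESP = 17, 50     # IP protocol numbers

def classify(packet: bytes) -> str:
    """Label one raw, unfragmented IPv4 packet captured outside the VPN gateway."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    if packet[9] == PROTO_ESP:
        return "native-esp"               # no ports for a PAT device to translate
    if packet[9] != PROTO_UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"        # RFC 3948 keepalive: single 0xFF byte
        if payload[:4] == b"\x00\x00\x00\x00" and len(payload) > 4:
            return "ike-over-4500"        # non-ESP marker precedes the IKE header
        if len(payload) >= 8:
            return "udp-encapsulated-esp" # non-zero SPI follows the UDP header
        return "malformed"
    return "ike-over-500" if IKE_PORT in (sport, dport) else "other"

def natt_in_effect(packets) -> bool:
    """True when data traffic is UDP-encapsulated and no native ESP is seen."""
    seen = Counter(classify(p) for p in packets)
    return seen["udp-encapsulated-esp"] > 0 and seen["native-esp"] == 0

def build_ipv4(proto, payload, sport=0, dport=0) -> bytes:
    """Build a constructed test packet (checksums left as zero)."""
    if proto == PROTO_UDP:
        payload = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload

# Constructed samples: SPI 0x1000 and sequence number 1, then dummy ciphertext.
ESP = struct.pack("!II", 0x1000, 1) + b"\x00" * 16
WITHOUT_NATT = [build_ipv4(PROTO_UDP, b"\x11" * 28, 500, 500), build_ipv4(PROTO_ESP, ESP)]
WITH_NATT = [build_ipv4(PROTO_UDP, b"\x00" * 4 + b"\x11" * 28, 4500, 4500),
             build_ipv4(PROTO_UDP, ESP, 4500, 4500),
             build_ipv4(PROTO_UDP, b"\xff", 4500, 4500)]
```

A capture that shows only `ike-over-500` followed by `native-esp` matches the symptom in the question: the tunnel negotiates, but the data packets have no UDP wrapper for the remote NAT device to translate.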