- Gold, 750 points or more
We had nat traversal working just fine on our PIX
515E bundle running ver 6.3.4
Allowing ah, esp, iskmp, udp port 500 in.
nat traversal enabled. sysopt permit-ipsec.
users behind the pix can estrablish vpn connections, but traffic does not pass. users can establish vpn & pass traffic just fine when they are in front of the pix. The users connect to various vpn devices that we have no control or access to
If I understand, the error occurs only for users behind your pix since an upgrade to 704?
Check if the following statements are present in your pix config:
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
isakmp enable outside
Also the error may occur because of some missing access-list for users behind the pix.