We've got several remote locations with PIX 501s. I want to be able to access with the desktop client (on XP Pro) from anywhere. Problem occurs when I'm on behind another PIX- authentication seems to work fine, the gold lock icon locks and I get an ip address on the remote LAN. However, I can't ping or access resources on either the remote or the local LAN. When I'm not behind a PIX, everything works fine. I've got "sysopt connection permit-ipsec" & "isakmp nat-traversal" enabled.
The reason you are not able to access resources on remote LAN is because PIX does not redirects traffic, so the tunnel will get setup but the traffic will not flow. In your case when you connects a vpn client to a PIX behind another PIX, the first PIX does not redirect the traffic to second PIX and so you do not get the connectivity to remote LAN. The PIX cannot be configured for redirecting the vpn traffic. The reason you are not able to get access to local LAN, which probably is behind first PIX, is because the tunnel is to the second PIX and this PIX will not redirect the traffic to the first PIX.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...