pls do check if symantec is using g1 or g2 for phase I ? also in my experience , we can get more detailed info if we capture the pix logs in this scenario ,since symantec seems to be the initiator. what logs do you see in the pix when the symantec initiates the ipsec tunnell ? PIX will complain if the policies do not match, then you can change the policies to match for both phase I and phase II
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...