Thanks for your reply, between the VPN client and the pix, there is only a pat router, which are sitting on the same segment with the pix. so, udp4500 should be open.
The other thing is, if i use client 3.6.3, it seems like i'm running into that AES bug, when i look at the log, it just keep saying "atts not acceptable". Anyway, i can still connect, but none of the traffic able to pass through it.
All i can see is encrypt packet at client side, no decrypt at all over PIX side.
I just finished test it with my PIX, it runs perfectly, I really appreciate your help.
If you don't mind, can i just ask one more question, same issue, but on Router instead of PIX.
Does a router needs the same command inorder for this NAT-T to work? i have look for it, but can't find anything close. And this router is running IOS ver 12.2(13)T. Which should work according cisco documentation. I have already set this up and test, but not any luck with the connection. Any clue?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...