i have a pix 506e on which we have a vpn "crypto map with isakmp" tunnel created with a second party to be used for particular business need.
recently we are undergoing another project with them and for this they require us to allow specific ip addresses to be able to communicate with with there servers which will be spearate from those which we do at the moment i.e. they plan to use a vpn client from these specific computer which will create a vpn tunnel using IPSec to connect through this pix.
"i have uploaded the pix config for review"
now as far as i know that the pix do nat and if nat is working then any vpn client trying to establish vpn tunnel through pix using IPSec will not work unless i have "nat-traversal", but the command is "isakmp nat-traversal 20"
anyways, if anyone can understand the problem and can help me out here, then it would be really great.
but like i said that this time we will be using a client vpn based software to establish the tunnel but through the pix itself. so even in this case i would need to have add/create another set of crypto map vpn.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...