Somebody help me I am going nuts here - I have redone this config 3 times and I am sure it should work (ie I have no probs with my customers, just the PIX at my office) but the problem seem to be that the IKE Proposal process fails because a suitable set of attributes aren't chosen. Watching the debug on the pix shows that it is being offered AES 3DES etc proposals which it can't accept as it is only licenced for DES. Since VPN access isn't used much I am not sure if this stopped working after I recently upgraded the PIX to 6.3(1) or started using the 4.0 client versions.
I have since tried downgrading the Client to ver 3.63 and had no joy there either. Also I know some CLI purists hate it but I used the PDM 3.01 to run the VPN wizard.
I am testing this using a W2k machine over 56k dialup ISP account. The PIX sits behind an 827 ADSL router which statically translates ESP and UDP 500 through to the PIX. The router is running: c820-k9osy6-mz.123-1a.bin
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...