One particular limitation I just ran into is that the PIX (at least the PIX 506) isn't a router. That is, if you have a PIX-to-PIX VPN plus remote VPN clients connecting to one of those PIXs, the remote client can only see the network behind the PIX it connected to -- it can't see the remote LAN of the PIX-to-PIX connection.
Perhaps this isn't a problem for most people who have a single central site housing all network resources, and remote sites/clients don't have any servers. But if you're trying to setup a distributed intranet with remote clients that need access to services on the networks behind multiple PIXs, this is something you might run into.
I guess you need to add a router into the mix to support traffic between remote clients and remote peers, but I haven't got that far yet. If somebody thinks I'm wrong (and no router is needed), please correct me!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...