If you are trying to VPN through a PIX, you may encounter one of two problems. If you have a single PAT address and no NAT GLOBAL's available, you are pretty much hosed as far as I can see. I have poked at this variant a lot and cannot figure how to get around it.
If you have a GLOBAL pool of a few addresses, or if you can statically map from one real outside to your inside, you can certainly VPN through the PIX.
To VPN through, you will have to create conduits or access lists to permit IP/50, IP/51 and UDP/500 back into that host.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...