I have a Cisco VPN client (4.0.2) that needs to terminate a VPN connection on a PIX 501 (6.3). The VPN client is sitting behind a PIX 525 (6.2) using PAT. I have the following entries. What am I doing wrong on the PIX 535?
Network Address Translation (NAT), including Port Address Translation (PAT), is used in many networks where IPSec is also used, but there are a number of incompatibilities that prevent IPSec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.
To enable NAT traversal, check that ISAKMP is enabled (you can enable it with the isakmp enable if_name command) and then use the isakmp nat-traversal [natkeepalive] command.
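The two prerequisites above can be checked mechanically against a saved configuration. The following is an added example, not part of the original post or Cisco's tooling: the function name, the sample configurations, and the PIX 6.3 keepalive default (20 seconds) and range (10 to 3600 seconds) are assumptions.

```python
import re

# Assumed PIX 6.3 values (not stated on the page): default natkeepalive is
# 20 seconds and the accepted range is 10-3600 seconds.
DEFAULT_KEEPALIVE = 20
KEEPALIVE_MIN, KEEPALIVE_MAX = 10, 3600

# Constructed sample configurations, not taken from the poster's devices.
SAMPLE_BEFORE = """\
: constructed sample, NAT-T not yet enabled
isakmp enable outside
isakmp policy 10 authentication pre-share
"""
SAMPLE_AFTER = SAMPLE_BEFORE + "isakmp nat-traversal 20\n"


def audit_nat_t(config_text):
    """Check a PIX config for the NAT-T prerequisites named in the text."""
    interfaces, nat_t, keepalive = [], False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(":"):  # PIX comment lines begin with ':'
            continue
        m = re.fullmatch(r"isakmp enable (\S+)", line)
        if m:
            interfaces.append(m.group(1))
            continue
        m = re.fullmatch(r"isakmp nat-traversal(?: (\d+))?", line)
        if m:
            nat_t = True
            # No argument means the device falls back to its default interval.
            keepalive = int(m.group(1)) if m.group(1) else DEFAULT_KEEPALIVE
    problems = []
    if not interfaces:
        problems.append("ISAKMP is not enabled on any interface")
    if not nat_t:
        problems.append("isakmp nat-traversal is missing")
    elif not KEEPALIVE_MIN <= keepalive <= KEEPALIVE_MAX:
        problems.append(
            f"natkeepalive {keepalive} outside {KEEPALIVE_MIN}-{KEEPALIVE_MAX}")
    return {"interfaces": interfaces, "nat_traversal": nat_t,
            "keepalive": keepalive, "problems": problems}


if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_nat_t(cfg))
```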