I am using VPN client version 3.6.2a on my laptop and cannot connect to our PIX 501 at work. If I do a modem dial-up to my ISP, I have no problem connecting at all. However, when I connect from home over my ISDN line, the client shows connected but is only encrypting outgoing traffic, with no external traffic coming in and being decrypted. I am using a Cisco 802 ISDN router at home. I don't have overlapping networks. I am using NAT at home and at work.
If you are able to connect using dial-up, then your client and PIX configs are good.
If you are not able to make a connection through your ISDN link, then it is your PAT that is the issue. As of today, the IPsec through NAT option is not supported on the PIX and will be supported in PIX Version 6.3 (IPsec over UDP).
You will be able to make a connection through PAT because phase 1 uses UDP port 500, but when it comes to encrypting traffic, ESP is a protocol and does not support PAT.
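The behaviour described in the reply above can be reproduced with a toy PAT model. This is an added example, not part of the original posts or any Cisco code. The addresses, the `ENCAP_PORT` value, and the assumption that the router rewrites the source of outgoing ESP without keeping state for it are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

UDP, ESP = 17, 50  # IP protocol numbers
# Constructed addresses (documentation ranges), not taken from the thread
PUBLIC_IP, CLIENT, PIX = "203.0.113.10", "192.168.1.20", "198.51.100.1"
ENCAP_PORT = 40000  # constructed placeholder for a UDP-encapsulated ESP port

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None  # ESP carries no port fields
    dport: Optional[int] = None

class PatRouter:
    """Hypothetical PAT device: translation state is keyed on (protocol, public port)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 20000
        self.table = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, p):
        if p.sport is None:
            # Assumption: source IP is rewritten, but there is no port to key state on
            return Packet(p.proto, self.public_ip, p.dst)
        pub, self.next_port = self.next_port, self.next_port + 1
        self.table[(p.proto, pub)] = (p.src, p.sport)
        return Packet(p.proto, self.public_ip, p.dst, pub, p.dport)

    def inbound(self, p):
        """Return the packet as delivered to the inside host, or None if dropped."""
        hit = self.table.get((p.proto, p.dport))
        if hit is None:
            return None
        return Packet(p.proto, p.src, hit[0], p.sport, hit[1])

def simulate():
    r = PatRouter(PUBLIC_IP)
    ike_out = r.outbound(Packet(UDP, CLIENT, PIX, 500, 500))       # phase 1
    ike_in = r.inbound(Packet(UDP, PIX, PUBLIC_IP, 500, ike_out.sport))
    esp_out = r.outbound(Packet(ESP, CLIENT, PIX))                 # native ESP
    esp_in = r.inbound(Packet(ESP, PIX, PUBLIC_IP))
    enc_out = r.outbound(Packet(UDP, CLIENT, PIX, ENCAP_PORT, ENCAP_PORT))  # ESP in UDP
    enc_in = r.inbound(Packet(UDP, PIX, PUBLIC_IP, ENCAP_PORT, enc_out.sport))
    return {"ike_reply_delivered": ike_in is not None and ike_in.dst == CLIENT,
            "esp_sent_from_public_ip": esp_out.src == PUBLIC_IP,
            "esp_reply_delivered": esp_in is not None,
            "udp_encap_reply_delivered": enc_in is not None and enc_in.dst == CLIENT}
```

The result matches the symptom in the question: the tunnel negotiates and outgoing ESP leaves the router, but returning ESP finds no translation entry, while the same payload carried in UDP is delivered.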