I currently have my PIX 515 (v.7x) acting as a VPN server. My client is on a cable connection behind its own router/firewall.
The client can connect to the PIX VPN server just fine. It gets its address from a pool on the PIX. Once connected, the client can connect to any server-side (inside the PIX) host/IP. It can ping everything server-side as well.
My problem is, nothing on the server side (inside the PIX) can ping or access any client host/resource. I don't understand, because I can connect to my PIX VPN via a dial-up connection, not behind any kind of router or firewall, and I can ping that host from inside the PIX.
Is this a routing issue or an access issue? I'm pretty new to split tunneling, but I'm almost positive I've got that set up correctly, because everything works but server-to-client communications.
Kevin, that did it! Adding the "isakmp nat-traversal 20" freed it right up. How hard would it be for Cisco to put that in the documentation??? I probably went through 30 different pages pertaining to this in the Cisco KB; not once did I see this command mentioned.