First question - can vpn users not behind the pix 525 successfully access that server which is on the 535's DMZ? If the answer is no, then the 535 probably needs some nat 0 access-list changes to ensure that DMZ - VPN client traffic does not get NAT'd.
UDP 50 isn't IPSec. ISAKMP uses UDP 500, and once the tunnel is up, it should either be ESP or AH protocol, or UDP 4500 is nat traversal is enabled. Are you sure you have the log message correct?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...