Everything looks good in the stats and I authenticate, but no traffic is passed. The virtual interface on the client PC shows up and the route tables look good. I recall there is something I need to do in PIX_1 to allow this to happen but I don't remember what it would be. PIX_2 is configured OK and accepts VPN connections for others just fine.
Additional info: PIX_1 is a 506E, PIX_2 is a 515. PIX_1 is in a SOHO DSL environment and has only one outside IP address. PIX_2 is in a corporate environment. For various reasons it is not desirable to set up a PIX-PIX VPN.
I haven't done anything to allow ESP inbound on PIX_1. I'll check CCO and see how to allow it. Here is the PIX_1 config (shortened). The IPsec config is to allow me to connect from outside and hopefully isn't going to affect what I am trying to do.
access-list outside_access_in permit tcp any interface outside eq smtp
access-list outside_access_in permit tcp any interface outside eq ssh
access-list outside_access_in permit tcp any interface outside eq 3389
access-list outside_access_in permit tcp any interface outside eq www
access-list inside_outbound_nat0_acl permit ip 192.168.99.0 255.255.255.0 192.168.99.192 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 192.168.99.192 255.255.255.224