I have a problem with getting this pix to work good. I always been configuring pix with vpn client setup but this time i just cant resolve the issue.
When setup the vpn connection, all goes well. Allthough traffic is not passing to the lan...
below the output of the vpn clients
sh cry ipsec sa #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 3, #pkts decrypt: 3, #pkts verify 3
sh cry isa sa Total : 1 Embryonic : 0 dst src state pending created 195.x.x.1 83.x.x.10 QM_IDLE 0 1
When i remove the isakmp nat-traversal 20 statement, i get: sh cry ipsec sa #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0 #pkts verify 0
no traffic at all...
here's a copy of my vpn config:
access-list split permit ip 192.168.6.0 255.255.255.0 192.168.123.0
255.255.255.0 access-list nonat permit ip 192.168.6.0 255.255.255.0 192.168.123.0 255.255.255.0ip address outside dhcp setroute retry 4
global (outside) 1 interface global (inside) 1 interface global (intf2) 1 interface nat (inside) 0 access-list nonat nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (intf2) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec crypto ipsec transform-set myset esp-des esp-md5-hmac crypto dynamic-map dynmap 10 set transform-set myset crypto map mymap 90 ipsec-isakmp dynamic dynmap crypto map mymap interface outside isakmp enable outside isakmp identity address isakmp nat-traversal 10 isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 vpngroup digicore address-pool ippool vpngroup xxsx plit-tunnel split vpngroup xxx idle-time 1800 vpngroup xxx password ********
I also tried installing a updated version of the cisco client, but this didnt help much. I can connect to other sites without a problem with the same client.