I have sysopt connection permit-ipsec on my PIX for VPN users terminating on the outside interface.
I understand that sysopt allows VPN traffic to bypass an access-list when users VPN in (outside interface). Assuming that I also have an inside access-list (assigned of course to the inside interface), does the return traffic bypass the inside access list when returning to the remote host.
I thought not. My colleague says it does.
That aside, has anyone noticed PIX 7.2.X nat (0) access-list entries failing to increment when building VPN's. I seem to have a scenario where my site to site VPN works absolutely fine but my nat (0) doesn't increment.
Regards
Darren