Core issue
Intermediate device is blocking IPSec traffic between the client and the PIX.
Resolution
Perform the following steps.
- Issue the show crypto ipsec sa command.
- Identify your connection entry.
- Check the encrypt and decrypt counters.
If you see no decrypts, there could be a firewall and or packet filter device blocking protocols 50 (ESP) or 51 (AH) between the client and the outside PIX interface.
If you see decrypts and no encrypts, there could be a routing issue on the PIX. Verify that there is a default route set on the PIX, and check the routing table on the PIX. If the problem persists, open a service request at the TAC Service Request Tool.