I have a situation that is driving me a bit nuts.
Remote VPN clients come into the PIX as 10.32.0.0/16 to the (inside) LAN 10.128.0.0/16.
I had problems connecting to a host with inside address 10.128.128.12 ... connection via VPN would just not take place.
As a last resort, I added a secondary IP of 10.128.0.128 and ... voila ... connection made.
All networks defined as 16 bit (255.255.0.0). Is there some reason the 10.128.128.12 is being refused?
The statements that I think are relevant in the PIX config are:
ip local pool vpnpool1 10.32.0.1-10.32.0.254
access-list VPNxx permit ip inside 255.255.0.0 10.32.0.0 255.255.0.0
ip address inside 10.128.0.1 255.255.0.0
nat (inside) 0 access-list VPNxx
vpngroup xxxVPN address-pool vpnpool1
isakmp nat-traversal 20
Is there something that I am missing?
Enabled NAT-Traversal on the PIX, use the command "isakmp nat-traversal 20".
To answer your original question: no, I don't think you are missing anything, not anything in the PIX anyway. But if there is anything I've learned, it is that there is a reason for everything.