I have a PIX 500 series configured with VPN client access. When I configure a site-to-site VPN to a remote location, the client access no longer works. If I remove the site-to-site VPN, the client VPN works again. I have tried the PDM and the CLI. Could someone look at my config and let me know what I am missing? See the two attached configs.
Thanks,
Lost in VPN
Try adding...
isakmp nat-traversal
Is that all of the command? Also, there is a CyberGuard SnapGear firewall at the other end of the site-to-site. Will it work with nat-traversal?
Thanks,
Yes, in PIX 6 that is the entire command. Actually it will add "20" on the end by default, so you could also enter
pix(config)#isakmp nat-traversal 20
NAT traversal is for your VPN clients; this should not affect your tunnel to the CyberGuard firewall. This allows your VPN clients to connect over UDP 4500.
Also, in your Orig_clientworking.txt config, you would have problems connecting more than one remote access VPN client at a time without the nat-traversal command.
Hope this helps.
Thanks for the response. I will give that a try and let you know what I find. Thanks again.
acomiskey,
I think that we are getting closer. I can flip-flop between the VPNs working by entering the following commands:
crypto map outside_map interface outside
and
crypto map mymap interface outside
Is there a way to enable both crypto maps on the outside interface at the same time?
Thanks,
Ah, I missed that. You can change the crypto map statements for the VPNs to be on the same crypto map like this...
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address ipsecvpn
crypto map mymap 20 set peer xxx.xxx.100.180
crypto map mymap 20 set transform-set sha-set
crypto map mymap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
or
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address ipsecvpn
crypto map outside_map 20 set peer xxx.xxx.100.180
crypto map outside_map 20 set transform-set sha-set
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
Thanks acomiskey, that was the direction I was thinking about heading. Your quick responses and knowledgeable answers were extremely helpful. Thanks again!!!
Hi guys, I was trying to find out something and saw your issue. Well, I can help in this scenario. acomiskey is trying his best to help, but the config he suggested has a few errors. I have done it before, so do as follows and it will work.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set sha-set esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address ipsecvpn
crypto map outside_map 20 set peer xxx.xxx.100.180
crypto map outside_map 20 set transform-set sha-set
crypto map outside_map interface outside
The map name would be the same for both the site-to-site and the client IPsec config; only the priority would be different, because at one time you can apply one map only. So choosing 2 maps would not work. Use one map name with 2 different priority numbers, as I did above.
Waiting for your response. You must leave a message if it does not work; I can help you further.
Peace
Thanks, Nauman. I have already tried what acomiskey suggested and it works now. Thanks for your response though.
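The two working answers above (acomiskey's merged map and Nauman's "one map name, two priority numbers" rule) describe a check that can be automated before a config is pushed. The script below is an added example, not code from this thread or from Cisco: it parses PIX 6.x-style `crypto map` lines and reports the exact failure mode the thread hit (two differently named maps each bound to `outside`, so only the last `crypto map ... interface outside` wins and the other map's entries silently never apply), plus two related checks the thread touches on: the dynamic entry should carry the highest sequence number so static peers are matched first, and `isakmp nat-traversal` should be present when remote-access clients are served. The sample configs are constructed from the thread's snippets; peer addresses use the 192.0.2.0/24 documentation range, and the regexes assume the PIX 6 syntax shown in the posts.

```python
import re
from collections import defaultdict

# Constructed sample: the broken layout from the thread, with the
# site-to-site tunnel in "mymap" and the remote-access clients in
# "outside_map", each bound to the outside interface in turn.
BROKEN_CONFIG = """\
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set sha-set esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address ipsecvpn
crypto map mymap 20 set peer 192.0.2.180
crypto map mymap 20 set transform-set sha-set
crypto map mymap interface outside
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
"""

# Constructed sample: the accepted fix, one map name with two sequence
# numbers, plus the nat-traversal command suggested earlier in the thread.
FIXED_CONFIG = """\
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set sha-set esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address ipsecvpn
crypto map outside_map 20 set peer 192.0.2.180
crypto map outside_map 20 set transform-set sha-set
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
isakmp nat-traversal 20
"""

# PIX 6 syntax as seen in the thread (assumption: lines are already stripped).
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?$")
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")
NAT_T_RE = re.compile(r"^isakmp nat-traversal(?: \d+)?$")


def lint_pix_crypto_maps(config_text):
    """Return a list of findings; an empty list means the layout is sound."""
    entries = defaultdict(dict)   # map name -> {seq: dynamic-map name or None}
    bindings = defaultdict(list)  # interface -> [map names, in config order]
    nat_traversal = False

    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            entries[m.group(1)][int(m.group(2))] = m.group(3)
        elif m := BIND_RE.match(line):
            bindings[m.group(2)].append(m.group(1))
        elif NAT_T_RE.match(line):
            nat_traversal = True

    findings = []

    # One crypto map per interface: a later binding replaces the earlier one.
    active = {}  # map name -> interface it is actually applied to
    for iface, names in bindings.items():
        active[names[-1]] = iface
        if len(names) > 1:
            findings.append(
                f"interface {iface}: bound to {len(names)} crypto maps "
                f"({', '.join(names)}); only the last binding, {names[-1]}, is active"
            )

    for name, seqs in entries.items():
        # Entries of a map that is not applied anywhere never take effect.
        if name not in active:
            for seq in sorted(seqs):
                findings.append(
                    f"crypto map {name} seq {seq}: {name} is not the active map "
                    f"on any interface, so this entry never applies"
                )
            continue
        # The dynamic (client) entry should be evaluated after all static peers.
        top = max(seqs)
        for seq, dyn in sorted(seqs.items()):
            if dyn and seq != top:
                findings.append(
                    f"crypto map {name} seq {seq}: dynamic entry {dyn} should have "
                    f"the highest sequence number in the map (currently {top})"
                )

    has_dynamic = any(dyn for seqs in entries.values() for dyn in seqs.values())
    if has_dynamic and not nat_traversal:
        findings.append(
            "dynamic crypto map entries present but 'isakmp nat-traversal' is not "
            "configured; remote-access clients behind NAT will fail"
        )
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"--- {label} ---")
        for finding in lint_pix_crypto_maps(cfg) or ["no findings"]:
            print(finding)
```

Run against the broken sample it reports three findings (the double binding on `outside`, the orphaned `mymap 20` entry, and the missing nat-traversal command); against the fixed sample it reports none. The lint deliberately keys off sequence numbers and map names only, which is why Nauman's point holds regardless of whether the static entry is numbered 20 and the dynamic one 65535 or any other pair, as long as the dynamic entry sorts last.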