I apologize, but this is a follow-up to a prior post.
To be more clear, I have a group of users from a remote organization who are coming into our organization and temporarily using our computers for classes. The group would like to access their organization's network via VPN through our PIX. So for testing I am using Cisco VPN client with the user's VPN credentials to establish the connection. Tunnel gets created but no data can be transferred.
I have added and successfully created a tunnel by adding the following ACL to my config:
access-list 65 permit udp any host a.b.c.d eq isakmp
This creates the tunnel but no data can be transferred. I was advised to configure esp-ike. When I attempted to configure fixup protocol esp-ike I got the following response:
CAVEC-FARM-PIX(config)# fixup protocol esp-ike
PAT for ESP cannot be enabled since ISAKMP is enabled. Please correct your configuration and re-issue the command!
This is exactly what one of the previous responses indicated in regards to esp not being able to be turned on if VPN tunnels are configured to terminate on the outside interface.
If I disable isakmp, would I lose the ability to VPN into my internal network from the outside?
I was also advised to do a one-to-one NAT for every client attempting to connect out through the PIX if I had terminating VPN connections on the outside interface. Not sure I understand how one-to-one NAT would allow me to do what esp-ike does.
How do I ensure that traffic is being transferred across the tunnel? This is probably my main problem, not being able to get data across the tunnel. I would like to accomplish this without disabling isakmp.
Please let me know if you need to see my config.
Thanks in advance
I apologize again for the follow-up on a previous post and for the long post.