We have a Cisco PIX 515E with a VPN to a vendor. There are 15 devices that need to traverse the VPN, all on the same network. The problem is, all are fine except one. The only difference is, the one device that does not want to traverse the VPN is initiating traffic to the remote site, and the others receive traffic.
The PIX is denying the traffic for some reason and not sending it through the tunnel. Is there some statement I need to put in to allow for this?
The internal addresses are not NAT'ed locally; they are NAT'ed at the remote site, hence the nonat access list. Once again, all work fine except for the one initiating traffic locally. We are on IOS version 6.3(4).
access-list vpntraffic line 15 permit ip host 10.0.200.42 10.10.20.0 255.255.255.0
access-list nonat_dmz1 line 20 permit ip host 10.0.200.42 10.10.20.0 255.255.255.0
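As an added illustration (not part of the post), the following Python evaluates constructed flows against the two access-list entries quoted above using PIX first-match semantics with an implicit deny, showing which direction of the host's traffic these entries actually select:

```python
import ipaddress
from dataclasses import dataclass

# The two access-list entries quoted in the post, re-typed so the matcher has input.
PIX_ACL_LINES = [
    "access-list vpntraffic line 15 permit ip host 10.0.200.42 10.10.20.0 255.255.255.0",
    "access-list nonat_dmz1 line 20 permit ip host 10.0.200.42 10.10.20.0 255.255.255.0",
]

@dataclass
class AclEntry:
    name: str
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _parse_addr(tokens):
    """Consume one PIX address spec ('host A', 'any', or 'A MASK'); return (network, rest)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # PIX writes a dotted subnet mask here; ipaddress accepts it after the slash.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acl_line(line):
    """Parse 'access-list NAME [line N] permit|deny ip SRC DST' (IP-only, as in the post)."""
    tokens = line.split()
    name, rest = tokens[1], tokens[2:]
    if rest[0] == "line":                    # optional 'line N' position marker
        rest = rest[2:]
    action, src_tokens = rest[0], rest[2:]   # rest[1] is the protocol ('ip')
    src, rest = _parse_addr(src_tokens)
    dst, _ = _parse_addr(rest)
    return AclEntry(name, action, src, dst)

def acl_permits(entries, acl_name, src_ip, dst_ip):
    """First-match evaluation of one named ACL; no match means the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if e.name == acl_name and s in e.src and d in e.dst:
            return e.action == "permit"
    return False

ENTRIES = [parse_acl_line(l) for l in PIX_ACL_LINES]

if __name__ == "__main__":
    # Constructed flows. A crypto ACL is matched against traffic leaving the PIX, so the
    # locally initiated flow is selected; the reverse direction is selected by the peer's
    # mirror-image ACL, not by this entry.
    print(acl_permits(ENTRIES, "vpntraffic", "10.0.200.42", "10.10.20.5"))   # True
    print(acl_permits(ENTRIES, "vpntraffic", "10.10.20.5", "10.0.200.42"))   # False
    print(acl_permits(ENTRIES, "nonat_dmz1", "10.0.200.42", "10.10.20.5"))   # True
    print(acl_permits(ENTRIES, "vpntraffic", "10.0.200.43", "10.10.20.5"))   # False: host not listed
```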