Problems connection to Cisco VPN from behind MS ISA and a PIX firewall

Hello

I'm having trouble connecting to a Cisco VPN from behind a
back-to-back ISA/PIX firewall. I've read all the documentation on ISA
for doing this and I've enabled NAT-T on my PIX as well as opened
ports 500, 4500, and 10000 (UDP) on ISA. As a test, I placed the
workstation with the Cisco VPN client directly behind the PIX
(bypassing ISA) and I was successful at connecting to the VPN.
Although it seems as though the problem is with ISA, I found this
document that seems to confirm that it is possible to do.
http://support.microsoft.com/default.aspx?scid=kb;en-us;812076
So I'm wondering if there is something the admin at the VPN endpoint
needs to do because I am using ISA behind a PIX (NAT-T?). I plan to
call him on Monday and would appreciate hearing your suggestions or
ideas.


Here is my config, I hope I haven't done too bad a job describing it.
<-LAN-172.16.20.x--><-172.16.20.9-ISA-10.5.1.2->-dmz-<-10.5.1.1-E1-PIX-E0(pub
IP) -> ISP Router

Thanks for your help
NH