Hey all,

I just installed a PIX 501 at my house attached to my cable modem. It's doing DHCP and PAT just as configured. All users on my internal LAN can get to the Net as expected. However, I cannot get my Cisco VPN client to connect to the office without modifying the PIX config. The client connects and authenticates, but no traffic is passed between networks. I know I could do a site-to-site VPN between my 501 and my 3000, but I don't want to expose my office to my home LAN and vice-versa.

My config on the PIX is very standard. To permit outbound access I...

    global (outside) 2 interface
    nat (inside) 2 192.168.1.0 255.255.255.0 0 0

I launch the VPN client on a machine behind the PIX and connect to the 3000. It authenticates me and completes the VPN negotiation. At this point, no traffic will pass through the VPN and the PIX generates...

    305006: portmap translation creation failed for protocol 50 src inside:192.168.1.100 dst outside:(IP of my VPN)

I can work around this by creating a static from my current public IP to the ..100 inside IP and an ACL to permit ESP inbound, but who wants to do that? And when I do, it prevents all other machines on the inside network from being able to get outside. (And yes, I know why. :-)

Any suggestions? I've combed the Cisco site and googled many things. I can't figure out why the traffic is failing in the outbound direction since my NAT and global commands should be letting all traffic out. I do not have an outbound access list applied to the inside interface. I also have a hard time believing you can't use the Cisco VPN client from behind a PIX.

Oh, and I have tried using the sysopt connect permit ipsec command.

Any and all help is greatly appreciated!

Thanks