[nsp] Problems with pix-originated traffic across a VPN
Regis M. Donovan
regis@offhand.org
Fri, 30 Aug 2002 12:02:35 -0400 (EDT)
Hi there.
I have a PIX 515 running 6.1(2) that terminates one end of a lan-to-lan
VPN connection that traverses the outside network. My problem is that
I can't seem to get traffic sourced from the PIX to go across the VPN
- specifically, I'm trying to log to a machine on the far side of the
VPN. Traffic that is not sourced by the PIX goes across the VPN
without a hitch. The far end machines are able to see all of the
inside network except for the PIX itself.
I have included the inside address of the PIX in the access lists
applied to "nat (inside) 0" and to the "crypto map" matching list.
The logging statement lists the far-end address and points it to the
inside interface - "logging host inside 10.x.x.x"
I've poked around on CCO and it looks like this should work, but it
doesn't. So I assume I'm missing something but I have no idea what.
Suggestions?
Thanks!
--regis