> Richard Welty wrote: > the needed three legged firewall, bridging two interfaces and > using NAT on the third one, is rather more complicated than i > wanted to deploy for a budget-constrained customer. neither i > nor my client feel that there was a much of a win here, but > there weren't any other options, either. This is a clever setup; am I guessing correctly in saying that fortunately the IPSEC part needed to terminate on only one or two servers and not on each host? Michel.