You can enable forwarding via

    echo 1 > /proc/sys/net/ipv4/ip_forward

(or something like that, I'm a road warrior right now, no Linux box in sight).

As for masquerading, that may be necessary, as Cisco is more strict on the IPsec VPN tunnel. The ACL that directs traffic to the VPN is also responsible for dropping traffic that does not match. The only way to be rather flexible with that is to do IPsec over GRE, but this clashes with your design needs on a few different angles.

If the Linux host has success communicating to the IPsec peer, then it should be able to say

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

I would also check "iptables-save -c" for hit counts, and forwarding, and other policy.

HTH,
Scott.
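
An added example, not part of the original message: a shell function that reads "iptables-save -c" output and flags what the reply suggests checking, namely rules with zero hits, packets that fell through to a DROP policy, and whether a MASQUERADE rule for the outgoing interface exists in nat POSTROUTING. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output (not captured from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [5:300]
[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [100:8000]
:FORWARD DROP [42:3528]
:OUTPUT ACCEPT [90:7000]
[17:1428] -A INPUT -i lo -j ACCEPT
[0:0] -A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# Read `iptables-save -c` text on stdin; $1 is the outgoing interface.
# Prints one finding per line:
#   UNHIT <table> <rule>                 rule whose packet counter is zero
#   POLICY-DROP <table> <chain> <pkts>   packets dropped by a chain policy
#   NO-MASQ <iface>                      no MASQUERADE rule in nat POSTROUTING
audit_counters() {
    awk -v iface="$1" '
        /^\*/ { table = substr($0, 2); next }
        /^:/ {
            # ":FORWARD DROP [42:3528]" gives chain, policy, [pkts:bytes]
            chain = substr($1, 2); policy = $2
            split(substr($3, 2), c, ":")
            if (policy == "DROP" && c[1] > 0)
                print "POLICY-DROP", table, chain, c[1]
            next
        }
        /^\[/ {
            split(substr($1, 2), c, ":")
            rule = $0; sub(/^\[[0-9]+:[0-9]+\] /, "", rule)
            if (table == "nat" && rule ~ ("-A POSTROUTING .*-o " iface " .*-j MASQUERADE"))
                masq = 1
            if (c[1] == 0) print "UNHIT", table, rule
        }
        END { if (!masq) print "NO-MASQ", iface }
    '
}

sample_ruleset | audit_counters ppp0
```

In the constructed sample the MASQUERADE rule exists but has never matched, and the FORWARD policy has dropped 42 packets, which points at the filter table rather than NAT. On a live host, feed it with "iptables-save -c | audit_counters ppp0" as root.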