> On Tue, Aug 24, 2004 at 01:46:45PM +0800, Ming-Ching Tiew wrote: > > Instead of making your VPN clients tunnel thru' Linux NAT router, > > it would be better if you make the Linux NAT router perform > > IPSEC VPN client functions with the Cisco ipsec VPN server > > How does one do that? Does one have to install a different software for that? > Redhat distributions include IPSec capabilities, though I am not too familiar with the versions. If you would like to roll your own, I recommend you use openswan - freeswan/superfreeswan are supposed to be freezed or in slow maintainance mode. You must first find out if the Cisco is going to use 'Aggressive Mode'. Avoid using 'Aggressive Mode' if possible. If 'Aggressive mode' is needed you have to use openswan-1.0.7, otherwise use openswan-2.1.4 or 2.1.5 because they patch the kernel more cleanly.