Thanks Jason.

> enable IKE over TCP on the clients and UDP encapsulation.

> this is not a problem with netfilter, but with multiple
> IPSec clients behind *any* NAT device.

Perhaps some additional info needs to be added about my configuration.

I need to use standard Cisco Linux clients, as this is for people visiting (with their laptops and standard VPN setup for remote access) and wanting to get to their (Cisco) server. In fact, it could be more than one ipsec server at some time in the future.

I definitely need to use a Cisco VPN gateway (can't use FreeSwan), I cannot have a single vpn client from the Linux router device as the requirement is for multiple clients behind this device.

The Cisco gateway and Win 2k client can set up a connection through a NAT router, we have tried this with a Netgear device. So I thought the issue was similar to pptp vpn pass-through for multiple clients (i.e. a patch for the kernel/iptables was the way to go), hence the question.

Kind regards,
Roksana

Subject: RE: Multiple IPSEC VPNs through a firewall based on 2.4.2X kernel
Date: Tue, 24 Aug 2004 07:56:33 -0400
From: "Jason Opperisano" <Jopperisano@xxxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>

Hi,

I am trying to set up multiple ipsec VPN clients working behind a Linux router with NAT/PAT, based on a 2.4.20 (can be 2.4.22) kernel. I would like to be able to connect a number of Windows (2k or XP) machines to an existing Cisco VPN server.

Kind regards,
Roksana