> Thanks Jason.
>
> > enable IKE over TCP on the clients and UDP encapsulation.
> > this is not a problem with netfilter, but with multiple
> > IPSec clients behind *any* NAT device.
>
> Perhaps some additional info needs to be added about my configuration.
> I need to use standard Cisco Linux clients, as this is for people
> visiting (with their laptops and standard VPN setup for remote access)
> and wanting to get to their (Cisco) server. In fact, it could be more
> than one ipsec server at some time in the future. I definitely need to
> use a Cisco VPN gateway (can't use FreeSwan); I cannot have a single vpn
> client from the Linux router device as the requirement is for multiple
> clients behind this device. The Cisco gateway and Win 2k client can set
> up a connection through a NAT router, we have tried this with a Netgear
> device. So I thought the issue was similar to pptp vpn pass-through for
> multiple clients (i.e. a patch for the kernel/iptables was the way to
> go), hence the question.
>
> Kind regards, Roksana

the standard cisco vpn client for linux supports IKE over TCP & UDP/TCP
tunneling of IPSec traffic--read the admin guide for details. the
settings are something like:

EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000

the easiest way to do this is just take the .pcf file from a working
windows client and copy it to your linux client.

this is getting pretty OT...

-j
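As an added illustration (not code from this thread or from Cisco), here is a small checker for the .pcf profile that Jason suggests copying from a working Windows client. It reads the profile and reports whether the three NAT-traversal settings quoted above are present and well-formed, and it flags secrets stored in the file, since a copied .pcf carries the group secret and must be handled as a credential. Assumptions: the .pcf is an INI-style file with a `[main]` section; the key names beyond the three quoted in the thread (`Host`, `GroupName`, `enc_GroupPwd`, `GroupPwd`, `SaveUserPassword`, `UserPassword`) are taken from memory of the client's profile format; the meaning of the individual `TunnelingMode` values is deliberately not asserted, check the admin guide for that.

```python
"""Sanity-check a Cisco VPN client .pcf profile for NAT traversal settings.

Added example for the netfilter thread above, not code from the thread or
from Cisco. Assumes an INI-style profile with a [main] section.
"""
import configparser

# Constructed sample profile, modelled on the settings quoted in the thread.
# Host, GroupName, enc_GroupPwd and SaveUserPassword are assumed key names.
SAMPLE_PCF = """[main]
Description=visitor laptop profile (constructed sample)
Host=vpn.example.net
AuthType=1
GroupName=visitors
enc_GroupPwd=0123456789ABCDEF
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
SaveUserPassword=0
"""


def parse_pcf(text):
    """Return the [main] section of a .pcf as a dict, keeping key case."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # .pcf keys are case-sensitive as written
    cp.read_string(text)
    if "main" not in cp:
        raise ValueError("no [main] section in profile")
    return dict(cp["main"])


def check_nat_traversal(profile):
    """Return a list of findings; an empty list means the profile looks
    usable from behind a NAT device and stores no clear-text secrets."""
    findings = []

    # NAT traversal must be switched on for several clients behind one NAT.
    if profile.get("EnableNat") != "1":
        findings.append("EnableNat is not 1: NAT traversal is disabled")

    # A tunnelling mode must be chosen; which value means TCP vs UDP is
    # not asserted here (see the client's admin guide).
    if profile.get("TunnelingMode") not in ("0", "1"):
        findings.append("TunnelingMode missing or not 0/1")

    # The TCP tunnelling port must be a valid port number.
    try:
        port = int(profile.get("TcpTunnelingPort"))
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        findings.append("TcpTunnelingPort missing or not a valid port")

    # Secrets: a profile copied between machines carries the group secret.
    if "GroupPwd" in profile:
        findings.append("GroupPwd stored in clear text; use enc_GroupPwd "
                        "and restrict the file's permissions")
    if profile.get("SaveUserPassword") == "1" or profile.get("UserPassword"):
        findings.append("user password is saved in the profile")

    return findings


if __name__ == "__main__":
    for finding in check_nat_traversal(parse_pcf(SAMPLE_PCF)) or ["profile OK"]:
        print(finding)
```

Run it against the .pcf you intend to hand to visitors before copying it to the Linux clients; anything in the findings list is either a reason the client will not connect from behind the router or a secret that should not travel with the file.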