This is exactly what I'm planning to do; I've got my mind set on having the two VPN endpoints inside two NATed networks, both managed by respective dedicated Linux boxes running only netfilter.
If you're not wedded to IPsec, you might try OpenVPN, which runs over SSL. I found it a lot easier to get working.
<http://openvpn.sourceforge.net/>