It's an IPSec problem. I don't want to go into detail but you probably should try NAT-Traversal.

I have a class C private net behind both a dedicated linux/iptables box and a Linksys BEFSR41 broadband router. Traffic outbound from the iptables box to the router is DNATted to that machine's "external" (but still private) IP by iptables, and NATted again by the router to ITS external (public) IP. Everything works fine, except...
I need to be able to run two concurrent passthrough IPSec sessions outbound through that configuration. Singly, they work fine. When run concurrently, the second one to try and connect to the office VPN (the IPSec requirement) fails.
Digging through Linksys documentation reveals that this particular router will not support more than one passthrough IPSec session. Before I go and drop money on a replacement router (such as the BEFSX41), are there inherent limitations with iptables (or, probably more accurately) with NAT/IPSec generally, that would render such a purchase a waste of money in that it wouldn't solve my problem?
Of course, I COULD bypass the iptables box and plug the second connecting device right into the (new) router, but I'd rather not do that if I don't have to.
For the theory http://www.ipsec-howto.org/x180.html
And the outbound traffic from the linux box to the router probably is SNATed ;).
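To make the NAT-Traversal suggestion concrete, here is a small added example (constructed for this thread, not code from any poster, the Linksys or the ipsec-howto) that models a masquerading NAT as a table keyed on the usual 5-tuple. Raw ESP (IP protocol 50) carries no transport ports, so once two inner hosts talk ESP to the same VPN gateway the NAT has nothing to tell the returning packets apart by; with NAT-T the same traffic rides inside UDP/4500, each client gets its own translated source port, and replies demultiplex cleanly. All addresses are made-up documentation/private-range values.

```python
"""Toy model of a masquerading NAT, written to show why two IPsec clients behind
one NAT collide when they use plain ESP (IP protocol 50) but coexist when ESP is
encapsulated in UDP/4500 (NAT-Traversal).  Constructed example; addresses are
documentation/private ranges and do not come from the thread."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ESP = 50           # IP protocol number for ESP: no transport-layer ports
UDP = 17
NAT_T_PORT = 4500  # UDP port used by NAT-Traversal (RFC 3948)


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None  # None for ESP
    dport: Optional[int] = None


class Nat:
    """Many-to-one NAT (SNAT/masquerade) with a conntrack-style table."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # UDP: (inner src, sport, dst, dport) -> external source port
        self.udp_out: Dict[Tuple[str, int, str, int], int] = {}
        # UDP reverse: (peer, peer port, external port) -> (inner src, sport)
        self.udp_back: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        # ESP reverse: peer -> inner hosts currently talking ESP to that peer
        self.esp_back: Dict[str, List[str]] = {}

    def outbound(self, p: Packet) -> Packet:
        if p.proto == UDP:
            key = (p.src, p.sport, p.dst, p.dport)
            if key not in self.udp_out:
                self.udp_out[key] = self.next_port
                self.next_port += 1
            ext = self.udp_out[key]
            self.udp_back[(p.dst, p.dport, ext)] = (p.src, p.sport)
            return Packet(UDP, self.public_ip, p.dst, ext, p.dport)
        if p.proto == ESP:
            # Only the source address can be rewritten; there is no port to
            # allocate, so the reverse entry can only be keyed on the peer.
            hosts = self.esp_back.setdefault(p.dst, [])
            if p.src not in hosts:
                hosts.append(p.src)
            return Packet(ESP, self.public_ip, p.dst)
        raise ValueError(f"unsupported protocol {p.proto}")

    def inbound_candidates(self, p: Packet) -> List:
        """Inner endpoints a packet arriving from the outside could belong to.
        Exactly one candidate means the NAT can deliver it; more than one
        means the NAT has no way to choose (the single-passthrough limit)."""
        if p.proto == UDP:
            hit = self.udp_back.get((p.src, p.sport, p.dport))
            return [hit] if hit else []
        if p.proto == ESP:
            return list(self.esp_back.get(p.src, []))
        return []


GATEWAY = "203.0.113.1"                               # constructed: office VPN gateway
CLIENT_A, CLIENT_B = "192.168.1.10", "192.168.1.11"   # two hosts behind the NAT


def plain_esp_collision() -> int:
    """Two clients sending raw ESP to the same gateway: number of inner hosts
    the NAT could hand a returning ESP packet to (2 means ambiguous)."""
    nat = Nat("198.51.100.7")
    nat.outbound(Packet(ESP, CLIENT_A, GATEWAY))
    nat.outbound(Packet(ESP, CLIENT_B, GATEWAY))
    reply = Packet(ESP, GATEWAY, nat.public_ip)
    return len(nat.inbound_candidates(reply))


def nat_t_demux() -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Same two clients using NAT-T: each gets its own external port, so the
    gateway's replies to each port map back to exactly one inner host."""
    nat = Nat("198.51.100.7")
    a = nat.outbound(Packet(UDP, CLIENT_A, GATEWAY, NAT_T_PORT, NAT_T_PORT))
    b = nat.outbound(Packet(UDP, CLIENT_B, GATEWAY, NAT_T_PORT, NAT_T_PORT))
    to_a = nat.inbound_candidates(Packet(UDP, GATEWAY, nat.public_ip, NAT_T_PORT, a.sport))
    to_b = nat.inbound_candidates(Packet(UDP, GATEWAY, nat.public_ip, NAT_T_PORT, b.sport))
    return to_a[0], to_b[0]


if __name__ == "__main__":
    print("raw ESP candidates for one reply:", plain_esp_collision())
    print("NAT-T demux:", nat_t_demux())
```

The point for the original question: this is a property of NAT over port-less ESP, not of one router model. A plain iptables MASQUERADE on the Linux box tracks ESP only by the address pair (generic protocol tracking), so it has the same one-session-per-peer limit as the Linksys; what makes several concurrent sessions to the same office gateway workable is enabling NAT-T on the clients and gateway, with UDP 500 and 4500 allowed outbound on both NAT hops.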