> So you have to activate on your clients the NAT-T "feature" and be sure the other side supports it too. Okay, so if I understand correctly it's a matter of configuring both sides of the IPSec connection in accordance with their NAT-Traversal settings, and any intermediate NATting device is blissfully oblivious. So, clearly, my next step is to figure out if Nortel's Contivity server and client software support NAT-Traversal, and I can stop looking at my iptables box and router.
