> The "imaginary" problem is that the program for VPN uses IPSEC, and - I think
> - uses, also, MAC address authentication.

Actually, the MAC address is unimportant. It may appear that the MAC address is what's causing things to get mucked up, but it's actually the IP address. IPSEC places a copy of the sending machine's IP address into the encrypted payload portion of each packet. When the packet reaches the other end, the IP address is compared to the actual sender's IP address to eliminate the possibility of man-in-the-middle attacks. Your firewall, by virtue of the fact that it's translating your Windows box's private 192.168 or 10. or whatever address to its outside IP before sending on the internet, is what is breaking things.

There are only two solutions to this, one of which I know exists, the other is hypothetical.

1. Run IPSEC on your firewall instead of your Windows box. This works, gives your whole local network access to the remote secure network (if your rules allow it) and is generally nicer than the IPSEC-on-each-individual-windows-box method.

2. The second method involves some manner of packet rewriting module on the firewall. To the best of my knowledge, this doesn't exist, but it could be done if the module sees the IPSEC conversation from the very first packet... But again, it's a messy solution, because what would practically be required is that the machine terminate the IPSEC connection from your Windows box, then open another IPSEC connection to the remote network.

Clint
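
The failure described in the message above, modelled with an AH-style integrity check (an HMAC that covers the source address) instead of a real IPsec stack. This is an added example, not part of the original post; the key, the addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed values: a stand-in for the security association key and
# documentation-range addresses for the three parties.
SA_KEY = b"constructed-demo-key"
WINDOWS_BOX = "192.168.1.10"   # private address behind the firewall
FIREWALL_PUBLIC = "203.0.113.5"
REMOTE_GATEWAY = "198.51.100.7"


def icv(src, dst, payload, key=SA_KEY):
    """Integrity check value computed over source, destination and payload."""
    covered = (ipaddress.IPv4Address(src).packed
               + ipaddress.IPv4Address(dst).packed
               + payload)
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def protect(src, dst, payload):
    """Sending IPsec endpoint: bind the packet to the address it was sent from."""
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(src, dst, payload)}


def source_nat(packet, public_src):
    """Firewall rewriting the source address; it has no key to redo the ICV."""
    rewritten = dict(packet)
    rewritten["src"] = public_src
    return rewritten


def verify(packet):
    """Receiving endpoint: recompute the ICV from the addresses it actually sees."""
    expected = icv(packet["src"], packet["dst"], packet["payload"])
    return hmac.compare_digest(expected, packet["icv"])


def demo():
    data = b"constructed application data"
    # No NAT in the path: the check passes.
    direct = verify(protect(WINDOWS_BOX, REMOTE_GATEWAY, data))
    # IPsec on the Windows box, NAT on the firewall: the check fails.
    natted = verify(source_nat(protect(WINDOWS_BOX, REMOTE_GATEWAY, data),
                               FIREWALL_PUBLIC))
    # Solution 1: the firewall is the IPsec endpoint and protects the packet
    # with its own public address, so nothing is rewritten afterwards.
    on_firewall = verify(protect(FIREWALL_PUBLIC, REMOTE_GATEWAY, data))
    return direct, natted, on_firewall


if __name__ == "__main__":
    print(demo())
```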

