I have a client that uses Shiva VPN (IPSEC-based) across our FreeBSD firewall. Now, it would seem that most current IPSEC implementations expect to see a unique client IP address for each tunnel. Because the FreeBSD firewall is NAT'ing the internal network (well, PAT, but who uses that term anymore?) for Internet access using one IP address, Shiva fails if more than one user tries to create a VPN connection.
The obvious solution is then to assign one unique public IP address to each Shiva user. This will work. However, I'd like some suggestions on other ways to solve this. Has anyone worked with Shiva VPN? What about using IPSEC to multiple clients across a NAT'ing router? Keep in mind that we do not have access to the VPN itself. I can only act as a router here and not an end-point. (Actually, I wouldn't be opposed to solutions assuming I can act as an end-point, just for completeness.)

---
Dustin Puryear <[EMAIL PROTECTED]>
Puryear Information Technology
Windows, UNIX, and IT Consulting
http://www.puryear-it.com
