> Yes, the Cisco 675 does NAT. I've had to punch holes for my > SSH, SMTP, and IPSec. (I really should get around to trying the IPSec > sometime...) IPSec does not work through NAT. Both your client and server must support NAT Traversal (NAT-T) for this to work. I believe the Cisco VPN client will do this, and I know for a fact the Netscreen client does it. But, the other endpoint must support it also. The reason is that NAT changes the source address, and the checksum in AH will no longer match. Search for NAT traveral and ipsec on google, and you'll find out more of the reasons it won't work without NAT-T. Jay