Is it a router to router VPN, or are people connecting to it with their
workstations?

If it's router to router, and one is a Cisco, you might have some problems
getting IPSec to work correctly in a NAT environment when only one side is
NAT'd.  I got around this by making an unencrypted GRE tunnel between the
inside edge routers on both sides, and then making the firewall do the
encryption on that traffic.  

If it's client to vpn server, you should be fine.

jay


> -----Original Message-----
> From: Nate Carlson [mailto:natecars at real-time.com] 
> Sent: Friday, August 10, 2001 1:52 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] VPN setup question
> 
> 
> On Fri, 10 Aug 2001, Amy Tanner wrote:
> > What is ESP and AH?  Have a URL to point me to?
> 
> AH = Authentication Header; only encrypts the authentication, 
> not the actual data stream. You don't want this.
> 
> ESP = don't remember; it encrypts everything.
> 
> Basically, you should be using ESP.
> 
> There's documentation for this somewhere on the freeswan web site.
> 
> -- 
> Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
> http://www.real-time.com                | Fax   : (952)943-8500
> 
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org 
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
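
An added example, not part of either message above: a simplified Python model of why a NAT hop in the path affects AH and ESP integrity checks differently. AH's integrity check value (ICV) covers the outer IP addresses, while ESP's covers only what follows the IP header. The key, addresses, SPI and helper names are constructed for illustration, and ESP's payload encryption is left out because only the integrity coverage matters here.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread


def ip_fields(src: str, dst: str, proto: int) -> bytes:
    """Immutable outer IPv4 fields that the AH ICV covers (simplified)."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + bytes([proto]))


def ipsec_body(spi: int, seq: int, payload: bytes) -> bytes:
    """SPI + sequence number + payload, covered by both AH and ESP ICVs."""
    return struct.pack("!II", spi, seq) + payload


def icv(mode: str, src: str, dst: str, body: bytes) -> bytes:
    """HMAC-SHA1 truncated to 96 bits, a common IPsec ICV size."""
    if mode == "ah":      # AH authenticates the outer addresses too
        data = ip_fields(src, dst, 51) + body
    elif mode == "esp":   # ESP authenticates only what follows the IP header
        data = body
    else:
        raise ValueError(mode)
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def survives_nat(mode, inside_src, nat_src, dst, payload=b"hello"):
    """Sender computes the ICV, NAT rewrites the source, receiver verifies."""
    body = ipsec_body(0x1000, 1, payload)
    sent_icv = icv(mode, inside_src, dst, body)
    received_icv = icv(mode, nat_src, dst, body)  # receiver sees NAT'd source
    return hmac.compare_digest(sent_icv, received_icv)


if __name__ == "__main__":
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    for mode in ("ah", "esp"):
        ok = survives_nat(mode, "192.168.1.10", "203.0.113.5", "198.51.100.7")
        print(f"{mode.upper():3} through NAT: "
              f"{'verifies' if ok else 'ICV mismatch'}")
```

The model covers only the integrity check; other NAT interactions with IPsec, such as key exchange behind a translated address, are outside what it shows.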