> ipsec does not work with nat, at all. they have very conflicting > goals. (nat wants to look at/rewrite payload, ipsec tries to > encrypt payload and detect the rewrite of payload) > Thanks, so then the option would be to do ipsec on the routers and nat after that? However, that would leave the internal network without ipsec. Ack! Bye, Reinoud.