Greetings; after three weeks of reading up and catching up on VPN, and   
   basically having to set it up for users to :   
      
   A) Work from home (static, and DHCP ISPs)   
   B) Work at a foreign site (static IP, site is firewalled and I have no   
   control over their settings)   
      
   To get access to the company resources, everyone passes through a   
   netscreen firewall vpn appliance.   
      
   I'm still trying to get over the learning curve here and have managed to   
   partially accomplish objective A, but not B at all.   
      
   My static IP users connect fine through the SafeNet client software with   
   auto IKE with pre-shared keys.  Don't have to worry about key management   
   so I'm happy.  Most of my dynamic IP users are only getting on only   
   through manual keys because netscreen documentation states limitations   
   with dynamic IPs with AutoIKE, but some DSL users are failing to connect   
   even though they are going through the wire to the DSL modem and nothing   
   else.  Any tips as to why?  Manual keys are bad I hear, so what's the   
   logical step away from this method?  Using certificates seems to be the   
   only documented alternative in my manual.   
      
   Problem B is trickier since I can't configure the site's firewall, but I   
   can request what I need to be done.  I'm configuring for auto-key using   
   preshared keys for this user.  What do I need to ask for at their site?   
     Enable IPSec passthrough for my user's internal IP?  DMZ him?   
   Configure the VPN such that it's more firewall friendly (if so, pray   
   tell how)?   
      
   Thanks,   
    From a newbie   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)