|    comp.dcom.vpn    |    VPN protocols, clients, awesomeness    |    2,348 messages    |
|    Message 1,233 of 2,348    |
|    Ketta to All    |
|    L2TP / IPSec VPN...    |
|    29 Sep 04 12:15:13    |
   
   From: no@post.net   
      
   We have a pix firewall and we want to be able to allow L2TP VPN connections   
   out for our users. If we map an internal system to a valid external IP   
   address and permit 1701 UDP, 500 UDP and ESP outbound and inbound, it works.   
   The problem is, we do not have 500 valid external addresses to provide this   
   functionality to everyone who requires it. If we permit those ports   
   incoming to our global address (the one that everyone goes out on HTTP), the   
   VPN cannot connect. We are missing something and my best guess from what   
   information I can find is the following:   
      
   set nat entry add {internal device address} 1701 {outside NAT address} 1701 udp   
      
   That looks like it will still only work for one address. Is this the right   
   entry to make, or are we completely off? Please, any assistance would be   
   appreciated. Clients have to be able to connect to this VPN from behind the   
   NAT firewall.   
      
   TIA   
   KeTTA   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
(c) 1994, bbs@darkrealms.ca