From: no@post.net   
      
   We have a userbase of aproximately 500 people, physically in the same   
   building behind a PIX firewall.  Some of these users must use a VPN client   
   to connect to other facilities in another country that allows incoming VPN   
   connections.  The issue is, we can get each user connected to the VPN in the   
   other facility of we assign them a valid internet IP address specifically in   
   the firewall (ie: 192.168.10.2 = ).  When the internal address is   
   not assigned to a valid IP, the connectivity fails.  We thought simply   
   opening those ports would suffice, but we must be missing something.  We do   
   not want to provide VPN connectivity for mobile users into our coprorate   
   network, only VPN capability out to other networks.  I am probably making no   
   sense.   
      
   Thank you for the response,   
   Ketta   
      
   "Martin Bodenstedt"  wrote in message   
   news:cjh5f4$bar$1@news.BelWue.DE...   
      
   > Excuse me,   
   >   
   > I think You want to provide your users to VPN _in_ to your corporate   
   > network.   
   >   
   > Therefore only your corporate VPN gateway needs a fixed and routable IP   
   >   address. The clients can use dynamic addresses (that is addresses   
   > provided them by their isp).   
   >   
   > For L2TP you only need UDP port 1701   
   >   
   > --   
   > Martin Bodenstedt   
   >   
   > www.landtag-bw.de / www.die-bodenstedts.de   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)