XPost: comp.security.firewalls   
   From: civikminded@yahoo.com   
      
   > Which then begs the question... how can you support dozens of clients who   
   > could quite possibly each have the same private NAT address, say   
   > 192.168.1.100, much less similar address space?   
      
   There the rub, You cant. The subnets have to be different.  Your TCP stack   
   will not know to route the packets out of the gateway.  It is a logistics   
   problem for sure.  I would have used a more unusual private address space   
   internally.  Something like 10.100.10.X   
      
   All NAT-T does is encapsulate the IP header in UDP to allow the packets to   
   go through the NAT process without being mangled.   
      
   Are you using Sonicwalls client?  Are you using a actual public IP at the   
   VPN terminating device?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)