>> I'm running 1.3b1 with nothing special other than outbound NAT enabled,
>> and a number of VLANs.
>> I gave a customer that is trying to connect to an IPsec server behind our
>> NAT. If I set him up to use one of our 1:1 public IPs everything works
>> fine. If I set him up behind our NAT (10.61/16) it will not connect.
>> I know about the limitations of m0n0wall and NAT-T.
> Which don't exist as of one of the 1.3 versions. Maybe not until 1.3b2
> though. Regardless, that only comes into play when m0n0wall is the
> IPsec endpoint.
> If you disable source port re-mapping (see advanced outbound NAT) it
> may fix it.
I did try that but it did not help. I also tried allowing all traffic in on
the WAN interface destined for the public IP he is routed.
Thanks for your help.