This network consists of a main office (C) and two regional offices (A and B). The main office has a Linux box (RH7.1) running FreeSwan (v1.91), and each of the two regional offices has a Cisco 3620 router with IOS 12.1 and 3DES IPSEC. The plan is to allow the private networks at each office to "see" each other (as well as the main office) using a VPN across the Internet. Office B is also using NAT on the Cisco router, which adds a complication: with NAT and IPSEC on the same router, the order of the access-list statements is very important.

    Office A Subnet - 192.168.100.0/24
                 |
             Router A
                 |
             INTERNET
                 |
           FreeSwan Box ---- Main Office C Subnet - 192.168.1.0/24
                 |           (ipsec.conf - ipsec.secrets)
             INTERNET
                 |
          Router B (NAT)
                 |
    Office B Subnet - 192.168.90.0/24
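
The access-list ordering issue on Router B, as an added example that is not the original page's configuration: IOS translates inside-to-outside traffic before it checks the crypto map, and ACLs stop at the first match, so the NAT list must deny the VPN destinations before it permits everything else. The ACL numbers, interface names, transform-set and crypto map names, IKE parameters, the peer address 203.0.113.1 (documentation range) and the relaying of Office A traffic through the main office tunnel are all assumptions.

```cisco
! Added example for Router B (Office B, 192.168.90.0/24).
! Everything except the three subnets is an assumed placeholder.
!
! --- Wrong order (left commented out): the permit matches first, VPN-bound
! --- packets get translated, and they no longer match crypto ACL 120,
! --- so they leave the router outside the tunnel.
! access-list 110 permit ip 192.168.90.0 0.0.0.255 any
! access-list 110 deny   ip 192.168.90.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! --- Correct order: exempt the VPN destinations from NAT first,
! --- then translate all remaining Internet traffic.
access-list 110 deny   ip 192.168.90.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny   ip 192.168.90.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 permit ip 192.168.90.0 0.0.0.255 any
ip nat inside source list 110 interface Serial0/0 overload
!
! Crypto ACL: evaluated after NAT, so it must see the untranslated source.
access-list 120 permit ip 192.168.90.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 192.168.90.0 0.0.0.255 192.168.100.0 0.0.0.255
!
! IKE and IPsec parameters (assumed; they must match the FreeSwan side).
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto ipsec transform-set OFFICE-3DES esp-3des esp-sha-hmac
!
crypto map TO-MAIN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set OFFICE-3DES
 match address 120
!
interface Ethernet0/0
 ip nat inside
!
interface Serial0/0
 ip nat outside
 crypto map TO-MAIN
```

On a running router, `show ip nat translations` should list no entries for destinations in 192.168.1.0/24 or 192.168.100.0/24, and `show crypto ipsec sa` should show the encapsulated packet counters rising for that traffic.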