Chapter 17. IPSec configuration

Revision History
Revision 0.2 2002-04-14 CC
initial revision

Table of Contents

Objectives
Step 1: load ipsec or ipsec509 package
Step 2: generate certificates with openssl
Step 3: boot Bering and move certificates into place
Step 4: configure ipsec.conf
Step 5: configure ipsec.secrets
Step 6: configure Shorewall
Step 7: configure Windows 2000 client

Objectives

This document assumes that you have a Bering Firewall with an internal interface on eth1 and an external interface on eth0, and that you want to accept IPSec connections from Windows 2000 machines ("roadwarrior" clients or gateways for subnets) on the external interface, then treat those external clients or subnets as members of your internal network.

Also, there is a sizeable portion of this document that covers the configuration of the Windows 2000 IP Security Policy Utility. Please do not let this part slow you down if you are not interested in interoperating with Windows 2000 clients. It is extremely long, and I only wrote it down because most of what I found on the internet about it was pure "click here - click there" stuff and didn't really explain what was going on or the ramifications of "clicking there." I spent a lot of time trying to figure out the dark mysteries of their user interface, so hopefully, no one else will have to wear out their mouse finger trying to do so.

There are more complex configurations than this one, which you should be able to understand better after reading this document.

Comments on this section should be addressed to its maintainer: Chad Carr.