(Apologies if this appears twice - **** wireless networks!)

I know this may be a popular subject, but bear with me...

We have half a dozen users on our network who access AT&T's Extranet.At the moment, this is achieved by using analogue modems to dial intoAT&T Global Network, then doing a VPN connection to the Extranet:
slow, messy and expensive. We'd much rather use our 2Mb internet line.

The AT&T VPN software is IPSec-based, and looks to be a reengineered
version of a Nortel client. It claims to allow NAT traversal. All of
our PCs are behind BorderManager 3.7, and 3.8 can't come soon enough
for me <g>

I've opened up all the relevant ports in BorderManager (I hope) and
tried to create the VPN connection. Using dynamic NAT, the connectionfails when trying to negotiate with the VPN server - fair enough. Butsetting up a static NAT to one of our public IP's _works_. This solves

the problem, except that we haven't got enough public IP's to set up a

static NAT for everyone. It's not a filter problem - an UNLOAD IPFLT
produces the same result.

Any clues as to why static NAT would work but dynamic doesn't? After
all, both are doing address translation...

All help/advice gratefully received ...