said by tiger9:
Really? I thought I could just forward IP/50 [ESP] on to the server. Thanks, though.
EDIT - Isn't IPSec ESP compatible with NAT? I know that IPSec AH  isn't, but my sources say that ESP is OK with it.
Microsoft doesn't recommend IPSec NAT-T (UDP 4500) for a VPN server behind NAT: »support.microsoft.com/kb/885348
You're likely to experience problems with clients behind NAT with IPSec/L2TP if you can't enable it though.--
Linux Haters Unite!