It is working now. I've done it with Linksys and Netopia DSL routers.
Software client on the laptop that DOES tunnel mode ESP. No AH and running
through a PAT and it works flawlessly. I just want to know how it works,
I've already determined that it does.
The point where my logic fails is where PAT relies on modifying the TCP/UDP
port numbers, an ESP packet has a standard IP header with an additional
protocol 50 ESP header. Since there is no ports to change to create a table
to keep track of which packet came from which internal client, what is used
to keep track.
Someone said something about the UDP encapsulation, but what about the
NETOPIA which doesn't do that?