Yes, it is. Or pretty much.
From the Wikipedia article: http://en.wikipedia.org/wiki/Rijndael
Strictly speaking, AES is not precisely Rijndael (although in practice they are used interchangeably) as Rijndael supports a larger range of block and key sizes; AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits.

No - we never did get this resolved.

We engaged the contractor's parent company to see if they could enable NAT traversal, or at least look into it - but beyond saying that they would look into it, were not able to get any attention on the topic.  The immediate project need has diminished - as the initial scope was completed - but I envision this coming back up again soon.  If I knew exactly what they were doing on their end I would try to reproduce the scenario, but as it stands we're at a dead-end until it the need comes back up, or until we run into a similar issue with a different client.

If you make any progress on this in the iterim - I would love to hear about it - please post and/or PM me.  I'll of course do the same if/when it becomes an issue again for us.

Thanks!

NM.  I just had someopne install pfsense on the smoothwall machine.  Too much hassle otherwise.

Ok, no problem, have fun
Greetings from Germany
heiko

bump…
I too am interested in a solution as such. I am under the impression you need to make an ipsec rule that allows traffic from 0.0.0.0 to any or something along those lines?

Another solution is to pitch in on the existing bounty. http://forum.pfsense.org/index.php/topic,10570.0.html

Ok, I'll try to start over.
I didn't create firewall rules, which was probably why it didn't work originally, thanks for the heads-up.

Thanks for your help guys, i gave up on endian to pfsense through ipsec, i put in a linksys vpn router into the office with endian and put untangle onto the endian pc for web filtering etc…

Check out IPSec config on the new 1.3AlphaAlpha builds- It has DPD and more.

IMO, IPSec is more suited to permanent site-site connections.
OpenVPN is more secure, but needs a client-side app. PPTP may be a better choice if you need occasional access from various places- you can use the stock VPN wizard on Windows boxes.

I've found a confirmation of what heiko said about the identification mode with a preshared key, in the source code
ipsec_doi.c
/* In main mode with pre-shared key, only address type can be used. */

1.21 isn´t available at the moment