My remote customers connect to the Cisco VPN Concentrator to access hosted applications. I have one customer who is giving me a lot of trouble. He says that his firewall and VPN Client (not sure what brand he's using at the moment) at his location will have problems connecting to a Cisco VPN because of encapsulation. He wants to know if we use full encapsulation or partial encapsulation. I know the VPN Concentrator uses IPSEC, which encapsulates a packet by wrapping another packet around it and then encrypts the entire packet. So it my eyes that would be full encapsulation. Would you agree? I'm not sure what type of firewall or VPN client they are using, I just left them a message to find out. They swear its a problem with Cisco devices:) What do you think?