Win2k server L2TP/IPSec problems

[mossk]

Hi all, I'm newbie here, so a quick hi to all...
Down to business...
I'm testing an L2TP over IPSec VPN. Its supposed to be a Main office-Branch office kind of setup. In addition I should have dial-in access for remote users.

My setup up:
MAIN OFFICE LAN.
1. A firewall(Linux), 2 NICS, both public IPs.
2.A win2k adv.server as VPN server. This is also the DC and runs a root enterprise CA. Machine certificate installed.
3.A client running win2k prof.

BRANCH OFFICE LAN
basically the same setup as above only that the VPN server is not a CA. I also haven't a machine certificate yet, but I have installed a router certificate for the dial-out account.

Problem:
PPTP and L2TP(without IPSec) work fine with the simple PPP authentication.

However, L2TP/Ipsec is giving me trouble.
I get a "no answer" kind of error. I've tried re-installing certificates, but still same thing.

NOTE:
my firewalls at the moment has all filters off-i.e. they allow everything in (do I need some explicit rules??).
Also both LANs are using public IPs, so no NAT.

Has anyone configured an L2TP over IPSec VPN? or any Ideas,...please help...
Mo


-------------------
PEACE Y'ALL