nat-traversal
 

I was trying to get some wireless laptops running the cisco vpn client (both linux & windows) behind a linux nat and was only able to get 1 laptop to connect one at a time. After some quick research, I was able to get the laptops to connect to the vpn simultaneously behind a Cisco PIX running 6.3.2 with nat-traversal and having gre and udp allowed inbound.
Another drawback, I have to consume public addresses for each nat translation. I would prefer to use PAT (single address --> many internal translations), but I don't think it is an option

Has anyone seen or be able to do this with iptables?
The reason being, the PIX is limited to a 24 bit dhcp scope, whereas I have a 16bit scope on my linux boxes.