Thanks for the reply...I was concerned that the use of the phrase 'linux novice' and 'Cisco' in the same post might make me a forum outcast !!!!!
Back on topic...
I dont have control of the far end VPN server, so I can't confirm its config... BUT my temp' work around was to put in a cheap Netgear 'cable broadband' wireless router that supports VPN passthrough and runs the usual NAT and firewall functions. This isnt a 'nice' way to achieve an end but it works OK although I only had two user's available to test it. It to uses a single external IP address.
all of which leads me back to VPN passthrough on the SME ???
What Im really confused as to why 'one' user will work, but once the second user trys to connect through the SME, the connection appears sucessfull to the VPN server, but then all end to end device connections (eg to separate mail server) just hang there at that point. Once all VPN connections are taken down there seems to be a timeout period of minutes when no user can connect before returning to a condition when any one user can connect OK.
any more thoughts, or is anyone out there using multiple IPSEC connection to a non SME device successfully ???
cheers
Jez