There are two ways to get this working:1. Build a tunneled (GRE) infrastructure through the service provider network and start running IP Multicast routing - no client configs but you must have a own router at each site (I'm running 20 sites in that ...
Do you know if you are really doing NAT or if the maybe are doing PAT (i.e many inside hosts share one external host)? If they are doing PAT I think the only way to get connected to the VPN 3000 box are to use TCP encapulation.
As the Cisco 2621 has a performance of 25kpps (probably measured with 64byte packets) the maximum throughput would be: 25000x64x8=12800000 bits/second => 12.8MBit/s
