A system and method are shown for multiple network devices to operate as a
single logical entity for serving tunnel connections. A cluster master
device is connected to multiple network devices through a local area
network (LAN). The cluster master device is also connected to a wide area
network (WAN) and has a master address that is unique on the WAN. The
cluster master device receives a tunnel connection set-up request (SCCRQ)
from the WAN that is addressed to the master address. The cluster master
device selects one of the multiple network devices and forwards the SCCRQ
message over the LAN to the selected network device. The selected network
device selects a tunnel identification number that is unique for the
tunnel connection on the selected network device and places the tunnel
identification number into a source tunnel identification field of a
connection set-up reply (SCCRP). The selected network device also places
its own global address on the WAN into a source address field of the
SCCRP, a value from a source address field of the SCCRQ into a
destination address field of the SCCRP, and a value from a source tunnel
identification field of the SCCRQ into a destination tunnel
identification field of the SCCRP. The selected network device then
transmits the SCCRP message onto the WAN. Alternatively, the multiple
network devices do not have global addresses on the WAN and the SCCRP is
transmitted over the LAN to a network address translation (NAT) server
that substitutes its own address into the source address field of the
SCCRP and retransmits the SCCRP onto the WAN. The NAT server creates a
table from the information in the SCCRP that it uses to translate and route
subsequent packets between the selected network device and the device
that requested the tunnel connection.
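
The exchange described above, modelled as an added Python example (not code from the patent). The message class carries only the fields the abstract names; the round-robin selection, the NAT table key, and all addresses and tunnel numbers are constructed assumptions.

```python
from dataclasses import dataclass, field
from itertools import count, cycle
from typing import Optional

@dataclass
class Msg:  # simplified control message: only the fields the abstract names
    kind: str
    src_addr: str
    dst_addr: str
    src_tunnel_id: int
    dst_tunnel_id: int = 0

@dataclass
class Device:
    lan_addr: str
    wan_addr: Optional[str] = None  # None: device has no global WAN address
    ids: count = field(default_factory=lambda: count(1))

    def handle_sccrq(self, rq: Msg) -> Msg:
        tid = next(self.ids)  # unique per tunnel on this device only
        src = self.wan_addr or self.lan_addr
        return Msg("SCCRP", src, rq.src_addr, tid, rq.src_tunnel_id)

class ClusterMaster:
    def __init__(self, master_addr, devices):
        self.master_addr = master_addr
        self.pick = cycle(devices)  # assumption: round-robin selection

    def on_sccrq(self, rq: Msg) -> Msg:
        if rq.kind != "SCCRQ" or rq.dst_addr != self.master_addr:
            raise ValueError("not an SCCRQ for the master address")
        return next(self.pick).handle_sccrq(rq)  # forwarded over the LAN

class Nat:
    def __init__(self, wan_addr):
        self.wan_addr = wan_addr
        self.table = {}  # (peer addr, peer tunnel id, device tunnel id) -> LAN addr

    def outbound(self, rp: Msg) -> Msg:
        key = (rp.dst_addr, rp.dst_tunnel_id, rp.src_tunnel_id)
        self.table[key] = rp.src_addr
        return Msg(rp.kind, self.wan_addr, rp.dst_addr, rp.src_tunnel_id, rp.dst_tunnel_id)

    def inbound(self, pkt: Msg) -> Optional[str]:
        # Packets that match no recorded tunnel are not routed to any device.
        return self.table.get((pkt.src_addr, pkt.src_tunnel_id, pkt.dst_tunnel_id))
```

Because each device only guarantees tunnel numbers unique to itself, two devices can hand the same number to one requester; the assumed table key includes the requester's own tunnel number so those entries stay distinct behind the shared NAT address.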