My apologies for my first post.
network topology

home network                                           remote network

       3.3.3.3        1.1.1.1        2.2.2.2        4.4.4.4
------ router_a -------- internet -------- router_b ---------
   |                                                     |
   | 3.3.3.2                                     4.4.4.2 |
firewall_a                                          firewall_b
   | 5.5.5.4                                     7.7.7.4 |
   |                                                     |
network_a                                           network_b
5.5.5.0/24                                          7.7.7.0/24
-----------------------------------------------------------------------------------
network_a
home network = 5.5.5.0/24
firewall dual homed
network facing static nic address = 5.5.5.4 (rfc1918/rfc6598)
virgin media router facing static nic address = 3.3.3.2 (rfc1918/rfc6598)
virgin media router static address = 3.3.3.3 (rfc1918/rfc6598)
virgin media dynamic wan address = 1.1.1.1 (internet-routable)
firewall default route = 3.3.3.3
network_a default route = 5.5.5.4
network_b
home network = 7.7.7.0/24
firewall dual homed
network facing static nic address = 7.7.7.4 (rfc1918/rfc6598)
virgin media router facing static nic address = 4.4.4.2 (rfc1918/rfc6598)
virgin media router static address = 4.4.4.4 (rfc1918/rfc6598)
virgin media dynamic wan address = 2.2.2.2 (internet-routable)
firewall default route = 4.4.4.4
network_b default route = 7.7.7.4
both firewalls run ipsec
both firewalls run NAT
both will have ddns for the internet-routable address
both routers configured for vpn passthrough
network_a connects to firewall_a via a switch
firewall_a connects to router_a via a switch
router_a connects to virgin media cable
--------------
network_a ipsec.conf
# Macros
local_gw = "local_addr" # External interface
local_net = "5.5.5.0/24" # Local private network
remote_gw = "remote_addr" # Remote IPsec gateway
remote_nets = "7.7.7.0/24" # Remote private networks
# Set up the VPN between the gateway machines
ike esp from $local_gw to $remote_gw
# Between local gateway and remote networks
ike esp from $local_gw to $remote_nets peer $remote_gw
# Between the networks
ike esp from $local_net to $remote_nets peer $remote_gw
-------------------
Q1: for my local_gw, is local_addr 3.3.3.2, 3.3.3.3 or 1.1.1.1?
Q2: for my remote_gw, is remote_addr 2.2.2.2, 4.4.4.4 or 4.4.4.2?
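What follows is an added worked example and not part of the post above, nor the poster's configuration. It is a small Python script that takes the addressing from the post, resolves the four ipsec.conf macros under one explicitly stated assumption (the local endpoint is the firewall's own router-facing nic, the peer is the address the internet sees for the remote site, i.e. what the DDNS name resolves to, and NAT-T carries the traffic through both routers), expands the posted rule lines with those values, and lists the UDP port forwards each router needs so IKE reaches the firewall sitting behind it. The Site fields, function names and the RFC1918/RFC6598 check are the example's own; the 3.3.3.x and 4.4.4.x addresses are the post's placeholders and are classified by where they actually fall in the real ranges, not by the post's labels.

```python
"""Resolve ipsec.conf macros for a firewall-behind-router layout on both ends.
Added example, not the poster's configuration.  Addresses are the post's
placeholders; the RFC1918/RFC6598 ranges are the real ones.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE_RANGES = {
    "rfc1918": [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                ip_network("192.168.0.0/16")],
    "rfc6598": [ip_network("100.64.0.0/10")],  # carrier-grade NAT space
}

def classify(addr: str) -> str:
    """Return 'rfc1918', 'rfc6598' or 'routable' for an IPv4 address."""
    a = ip_address(addr)
    for label, nets in PRIVATE_RANGES.items():
        if any(a in n for n in nets):
            return label
    return "routable"

@dataclass(frozen=True)
class Site:
    name: str
    lan_net: str     # network behind the firewall
    fw_ext: str      # firewall nic facing the router (the IPsec endpoint)
    router_wan: str  # ISP-assigned address the DDNS name points at

# Constructed from the post's placeholder addressing.
SITE_A = Site("network_a", "5.5.5.0/24", "3.3.3.2", "1.1.1.1")
SITE_B = Site("network_b", "7.7.7.0/24", "4.4.4.2", "2.2.2.2")

def behind_nat(site: Site) -> bool:
    """True when the endpoint address is not the one the internet sees for it."""
    return classify(site.fw_ext) != "routable" or site.fw_ext != site.router_wan

def macros_for(local: Site, remote: Site) -> dict:
    """Values for the four macros.  Assumption made here: the local endpoint is
    the firewall's own router-facing nic, and the peer is reached at the remote
    router's WAN address, with NAT-T carrying traffic through both routers."""
    return {
        "local_gw": local.fw_ext,
        "local_net": local.lan_net,
        "remote_gw": remote.router_wan,
        "remote_nets": remote.lan_net,
    }

def router_forwards(site: Site) -> list:
    """Port forwards a site's router needs so IKE reaches the firewall behind it.
    With NAT-T, ESP is carried inside UDP/4500, so no separate ESP forward."""
    if not behind_nat(site):
        return []
    return [("udp", 500, site.fw_ext), ("udp", 4500, site.fw_ext)]

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')

def parse_macros(text: str) -> dict:
    """Collect name = "value" macro definitions from ipsec.conf text."""
    return {m.group(1): m.group(2)
            for m in (MACRO_RE.match(l) for l in text.splitlines()) if m}

def expand(text: str, macros: dict) -> str:
    """Substitute $name references; an undefined macro is an error, not silence."""
    def sub(m):
        if m.group(1) not in macros:
            raise KeyError(f"undefined macro ${m.group(1)}")
        return macros[m.group(1)]
    return re.sub(r"\$(\w+)", sub, text)

def rendered_rules(template: str, local: Site, remote: Site) -> list:
    """Rule lines of the template with macros replaced by this site pair's values."""
    macros = parse_macros(template)
    macros.update(macros_for(local, remote))
    rules = []
    for line in template.splitlines():
        body = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if body and not MACRO_RE.match(body):
            rules.append(expand(body, macros))
    return rules

# The macro/rule snippet as posted, with its placeholder values.
POSTED_CONF = """
local_gw = "local_addr" # External interface
local_net = "5.5.5.0/24" # Local private network
remote_gw = "remote_addr" # Remote IPsec gateway
remote_nets = "7.7.7.0/24" # Remote private networks
ike esp from $local_gw to $remote_gw
ike esp from $local_gw to $remote_nets peer $remote_gw
ike esp from $local_net to $remote_nets peer $remote_gw
"""

if __name__ == "__main__":
    for rule in rendered_rules(POSTED_CONF, SITE_A, SITE_B):
        print(rule)
    print("router_b must forward:", router_forwards(SITE_B))
```

Running it prints the three rules for firewall_a with the macros filled in and the two UDP forwards router_b must send to 4.4.4.2; swap SITE_A and SITE_B to get firewall_b's side. The behind_nat check deliberately does not trust the address class alone: a placeholder like 3.3.3.2 is not in any private range, so the second test (endpoint address differs from the router's WAN address) is what flags both sites as NATed.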