2008/11/12 Mitja MuE>eniD <[EMAIL PROTECTED]>: > If you control the target box, the simplest solution by far is to assign a > deconficting alias address to it and then establish the VPN tunnel between > the 3rd party site and this alias address of yours. Everybody will be > accessing through the original address except for the problematic site, they > will use the alias. > > There are tricks with nat on ipsec but they are very hard to configure > right.
I have full control over the local OBSD server and the internal network, however the address assiged to the box in question is pretty entrenched and so it isn't really possible to change its address. :( I am not completely without clue, and am willing to get deeper into the configs in question. I should probably point out that I am still using the older style isakmpd.[conf,policy] files at this time, but I believe that my problem lies within the pf.conf file. I think I need to so something like nat on rl2 from 172.20.20.123/32 to $client_network -> enc0 but that doesn't seem to work for me....
