From: mmuessig@multamedio.de   
      
   Hello group,   
   i am planning a vpn using racoon under freebsd and a watchguard   
   firebox as a remote party.   
   this is my planned network-configuration:   
      
   local net (here are the vpn-clients situated)   
   |   
   v   
   nat gateway   
   |   
   v   
   dmz (here i want to place my security gateway - freebsd racoon)   
   |   
   v   
   INTERNET   
   |   
   v   
   watchguard firebox   
      
   my questions:   
   using transport mode means that i trust all clients in my dmz.   
   should not be a problem.   
   routing:   
   all connections from local lan to a local address behind watch-   
   guard firebox have to pass my nat-gateway and routed with   
   my public nat ip-address of nat-gateway to security gw.   
   security-gw decides to route those packets with local-lan-dest.   
   addresses from behind watchguard-sg through a tunnel to   
   the remote-vpn site.   
   is there anything has to be considered for incoming packets   
   from remote lan?   
   will there be problems according to my nat-technique?   
   nat and ipsec are seperated in this scenario so i shouldn't   
   run in trouble?!   
   any routing or nat hints?   
   tunnel or transport?   
      
   any hints, any options?   
   its no option to use my nat-gw as a vpn-gateway...   
      
   thank you in advance,   
   markus muessig   
      
   --   
   ----------------------------------------------------------------------   
   Markus Müssig                       MULTA MEDIO Informationssysteme AG   
   - Systemadministrator -                         Mergentheimer Str. 76a   
                                                          97082 Wuerzburg   
   mailto:mmuessig@multamedio.de                 Tel: +49 (0)931 79717-18   
   http://www.multamedio.de                      Fax: +49 (0)931 79717-30   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)