> Do the outgoing packets indeed have a.b.c.d as their source address?
> What does ipnat -lv have to say about the NAT entry for the connection?
>
Yes, they do... NAT was working correctly. I seem to have figured out what's going on... The VPN server (a Cisco of some sort) is expecting the source AND destination port to be 500. NAT was changing the source port and the Cisco was apparently just discarding it. Adding

    map le0 from 172.16.2.0/24 port=500 to ip.of.vpn/32 -> a.b.c.d/32

seems to have done the trick. At this point, I guess I'm not sure what the IPSEC proxy is really supposed to do.
