> Hi, Roy:
>
> Roy Morris wrote:
> >
> > Yes it does work! I guess I better hold on to these two boxes I have. Seems
> > they are the only ones that do! lol
> >
> > I have
> > A. clients on each end behind a vpn/pf box
> > B. enc0 binat from internal client to public IP of other side client
> > C. /etc/hostname.if alias for the binat IP
> > D. isakmpd.conf uses public IP (A) for phase 1, and (B internal client nat) for
> > phase 2
>
> I've had a closer look at this...
>
> In my case, the other peer expects a private IP on my
> internal network.
> Your directions involve an alias. Do I need this alias?
>
> Can I not just nat on the encryption interface like so?
>
> nat on $enc_if from $internal_ip to $remote_internal_ip -> $private_nat_address?
>
> This is really confusing me.
>
> -Stephen-
Have you actually tried it?
nat on enc0 from $ip_to_be_changed to $peer_net -> $nat_ip