I have a 837 and on it I built 2 kinds of tunnels:
1) one to headquarter; 2) VPNclients to access a server behind eth0.I would that VPN clients have access to hq resources.
I studied 2 solutions but each one has its pros and contros, one has to be more clearly developed:
1) I assigned to VPNclients a pool belonging to the LAN being behind the router. I mean 192.168.150.232-239 of 192.168.150/24 It works fine both to machines behind the eth0 and to headquarter;but it bworks only because of the router has proxyARP enabled on eth0; 2) I assigned a pool completely different (192.168.160.232-239) but now I dont' know how to NAT them when packets must reach the head quarters. Keep in mind I can not change IPsec settings on device at the HQ so for it I must "produce" packets coming from the LAN behind the eth0. So how to do NAT coming from one interface (dialer in this case) and going out from the same? Do you think that using loopback interfaces and route-maps could help me?Perhpas more than one?Thanks Alex.