Never having used VPN before, I'm trying to set up BM38 sp1A to create a tunnel to a client's CheckPoint box so that we can exchange email over it. The trick is that they refuse to route private addresses across the tunnel. They will only route registered IP addresses. So my protected host is not its 10.x address; I have to use its public address. Same thing configuring for their end.

As it stands now, the tunnel comes up and connects. But, I apparently have a routing problem somewhere, as I'm not sending any traffic across the tunnel (VPTUNNEL interface shows 0 packets transmitted in MONITOR). Can someone give me some details on how this configuration should work? I think the problem is just that I'm not very familiar with VPN, and this "non-standard" config is giving me problems.

My environment is BM38, with one private and one public NIC. Public has static and dynamic NAT enabled. One of those public addresses (not the primary one, of course), is static-NAT'ed into my GroupWise server, which should be the protected host in the VPN config. The VPN server is configured on the primary public address -- is that a problem? Should I give it its own address?

Thanks for any advice.

Corey Webb