I have a customer that is trying to get a terminal session to an AS400 at another location across the internet. They are currently running BM 3.6 and the remote location is running a Watchguard Firebox x1000. One thought was to set up a site to site VPN to have the terminal session traffic go through this tunnel, while all other traffic destined for the internet would go directly out through the BM server. I have checked and the Watchguard is IPSEC compliant so it should connect to any other IPSEC firewall for the tunnel. I don't think BM 3.6 is IPSEC compliant so an upgrade to BM 3.8 would have to be done. Does anybody know if this is going to work and how difficult it will be to get working properly? Another option we have kicked around is to use an appliance at each end and have the terminal traffic go via SSH. Any thought on this option?

Thanks in advance for any feedback.