I would like to set up a SSG5 to be a VPN-gateway, but not default GW. That would be easiest if the VPN-clients would be represented with an internal ip-adresse (like with SA's or MS-VPN).
Can that be done?
An alternative could be to give then an ip-adresse from a known range and then set up static routes on the server, for that.
I have tried the last solution by using xauth, but it does not seem to work.
If I change the default gateway of a server I can get traffic trought, but I just enter a static router I will not.
If I traceroute to the address range of the vpn-clients from the server it does get routed corectely.
Can anyone help me find the best sollution (now I can't get permission to buy a SA)?