IPSEC routing?




I have a routing issue I'm trying to get my head around.

My network is setup like this:


-------------------------------------------------------------------------------------------------------
REMOTE NODE
(public ip)
|
|
NET
|
|
(public IP)
FIREWALL
(private ip range 192.168.50.0 /24)
|
|
SWITCH
|
|
(192.168.50.100)
SERVER (listening service)
-------------------------------------------------------------------------------------------------------


I have nodes sending data to my listening service using the PUBLIC IP as the
node's target destination address, NAT to the listening service, all works fine.

I need to install an IPSEC VPN connection to allow additional nodes to
connect to my listening service over VPN. These nodes will use the target
destination IP 192.168.50.100 instead of a public IP. The routing at the
remote node end should be OK as it is managed by my ISP.



-------------------------------------------------------------------------------------------------------

REMOTE NODE
|
|
NET
|
|
(public IP)
FIREWALL
(private ip range 192.168.50.0 /24)
|
|
SWITCH _ _ _ _ _ _ (192.168.50.99) VPN TERMINATION HARDWARE (10.10.10.10) _ _ _ _ _ _ _ _ _ _ _ _ (10.10.10.99) REMOTE NODE
|
|
(192.168.50.100)
SERVER (listening service)
-------------------------------------------------------------------------------------------------------




1. My options are to install 3rd party VPN termination hardware as shown above
and make it form part of my 192.168.50.0 /24 private LAN. If I do this, how
can 192.168.50.100 route to 10.10.10.99? What do I need to configure to
ping 10.10.10.99, for example?


2. I can probably get my FIREWALL to create the IPSEC connection to the
(10.10.10.99) remote node. Again, how can 192.168.50.100 route to 10.10.10.99
under this circumstance? What would I need to configure to ping
10.10.10.99, for example?


I understand you cannot NAT over IPSEC.


Thank you for any advice.
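Added illustration (not part of the original post, and not from any vendor's VPN hardware): a small longest-prefix-match model of the topology drawn above, traced hop by hop for a packet from 192.168.50.100 to 10.10.10.99 and back. It shows why the server's default route alone does not reach the remote node in option 1, and that either a static route on the server pointing at 192.168.50.99, or a static route on the firewall, or terminating the tunnel on the firewall (option 2) makes the path complete. The node names, the firewall's LAN address 192.168.50.1, its tunnel address 10.10.10.1 in option 2, and its upstream 203.0.113.1 are assumptions made for the model.

```python
"""Routing-table model of the two VPN options in the post (added example).

A route is (prefix, next_hop). next_hop None means the prefix is directly
connected: the packet is handed straight to the destination (for a tunnel
interface, straight into the IPsec SA). Addresses from the post's diagram
are used as-is; 192.168.50.1, 10.10.10.1 and 203.0.113.1 are assumed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[str, Optional[str]]

SERVER, FIREWALL, VPNBOX, REMOTE = "server", "firewall", "vpnbox", "remote"

# Which node owns which address (constructed from the diagram).
OWNER: Dict[str, str] = {
    "192.168.50.100": SERVER,
    "192.168.50.1": FIREWALL,   # assumed firewall LAN address / server's gateway
    "192.168.50.99": VPNBOX,
    "10.10.10.10": VPNBOX,
    "10.10.10.99": REMOTE,
    "10.10.10.1": FIREWALL,     # assumed firewall tunnel address, option 2 only
}

LAN: Route = ("192.168.50.0/24", None)
SERVER_DEFAULT: Route = ("0.0.0.0/0", "192.168.50.1")
ISP_DEFAULT: Route = ("0.0.0.0/0", "203.0.113.1")  # firewall's upstream (assumed)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, as a host or router does it; 0.0.0.0/0 is last resort."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in table if ip in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def trace(tables: Dict[str, List[Route]], src: str, dst: str) -> List[str]:
    """Forward src->dst hop by hop. Last element is the destination node or a DROP reason."""
    node = OWNER[src]
    path = [node]
    for _ in range(8):  # hop limit guards against routing loops
        if node == OWNER[dst]:
            return path
        route = lookup(tables[node], dst)
        if route is None:
            return path + [f"DROP(no route on {node})"]
        next_addr = dst if route[1] is None else route[1]
        if next_addr not in OWNER:  # e.g. the firewall's default route toward the ISP
            return path + [f"DROP({node} sent it to {next_addr}, outside the LAN/VPN)"]
        node = OWNER[next_addr]
        path.append(node)
    return path + ["DROP(loop)"]


def reachable(tables: Dict[str, List[Route]], src: str, dst: str) -> bool:
    return trace(tables, src, dst)[-1] == OWNER[dst]


def option1(server_route: bool = False, firewall_route: bool = False) -> Dict[str, List[Route]]:
    """Option 1: third-party VPN box on the LAN at 192.168.50.99, tunnel side 10.10.10.10."""
    via_vpnbox: Route = ("10.10.10.0/24", "192.168.50.99")
    return {
        SERVER: [LAN, SERVER_DEFAULT] + ([via_vpnbox] if server_route else []),
        FIREWALL: [LAN, ISP_DEFAULT] + ([via_vpnbox] if firewall_route else []),
        VPNBOX: [LAN, ("10.10.10.0/24", None)],  # tunnel network is "connected" on ipsec0
        REMOTE: [("10.10.10.0/24", None), ("192.168.50.0/24", "10.10.10.10")],
    }


def option2() -> Dict[str, List[Route]]:
    """Option 2: the firewall terminates IPsec itself; the server's default route already points at it."""
    return {
        SERVER: [LAN, SERVER_DEFAULT],
        FIREWALL: [LAN, ISP_DEFAULT, ("10.10.10.0/24", None)],
        REMOTE: [("10.10.10.0/24", None), ("192.168.50.0/24", "10.10.10.1")],
    }


if __name__ == "__main__":
    for name, tables in [("option1, no extra route", option1()),
                         ("option1, route on server", option1(server_route=True)),
                         ("option1, route on firewall", option1(firewall_route=True)),
                         ("option2, firewall terminates", option2())]:
        print(name)
        print("  ->", " > ".join(trace(tables, "192.168.50.100", "10.10.10.99")))
        print("  <-", " > ".join(trace(tables, "10.10.10.99", "192.168.50.100")))
```

Two things the trace makes visible. With the route on the firewall (option 1), the forward path is server > firewall > vpnbox > remote while the reply is remote > vpnbox > server, so the firewall hairpins the packet back out its LAN interface and never sees the reply; a stateful firewall may drop that flow or send ICMP redirects to the server, which is why the host route on the server (or on whatever box is the server's gateway) is the cleaner fix. Separately, getting the packet to the VPN box only solves layer 3: the IPsec policy on the terminating device must also have traffic selectors covering 192.168.50.0/24 and 10.10.10.0/24, or the packet is routed to the box and discarded there.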

