>I did a short test in the lab and I think your solution is to create the dip on your trust internal interface where the >192.168.0.x addresses are located instead of on the untrust one.
>Then use this dip on the vpn policy object and it will work for both tunnel connections.
Hi Spuluka,
I tried to do what you told me, but the dip on my trust internal interface not work.
Is it required additional configuration?
To be more clear, we simplify the configuration
Es. external untrust interface ip is 10.0.0.1 , internal trust interface is 192.168.1.1
the goal is to connect all the PCs on trust zone with a single ip address (es. 10.208.32.108) to the remote pc through vpn.
Normally to do this, i create a dip 10.208.32.108 on Untrusted interface.
You can do it on trust interface?
Why not work?
Thanks again for your patience
Giuseppe