[Users] cannot access ipsec remote host on external interface anymore

hello!

i'm a newbie in ipsec & freeswan things, but i have now a stable ipsec connection from my home to the ipsec gateway of my firm.

a little question. let's say, the ipsec server on the other side has die external ip 1.1.1.1 and an internal network where he is at 192.168.1.1.     

my external ip of my home (a dynamic DSL modem) has the ip 2.2.2.2
(i use %any in the ipsec.conf) and the internal lan at 192.168.191.0.

i have now subnet-to-subnet routing, which works fine...

my problem is, that i'cant access the external ip of the other side
(1.1.1.1)

anymore - i had to do this, because only on this interface apache-webserver
is listening :-(.

i have done tcpdump on the ipsec0 interface on the server with 1.1.1.1 and
i see the icmp-request when i try to ping it from my side, but there will never
come an icmp-reply.

i also tried it with an extra subnet-to-host route, but these also won't work.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

could anyone help me please? thanks!

greetings, andi