Instead of the "Trusted Networks" group, just use the "trusted remote network." Remove that network from the group and make a new Full NAT, similar to your DNAT but also changing the source to the IP on the interface attached to PHOBOS. Or, if you want to keep using split DNS, just do the Full NAT for the VPN Pools. Cheers - Bob
↧