IPsec with one dynamic address problem

Hi all. I have a problem with generating IPsec with one dynamic address. These are the settings I have established:
Router 1 (with static IP):
interfaces:
eth1: PPPoE client, acquires static address from ISP
eth2: 192.168.0.1/24

routes:
default route acquired from ISP

NAT:
srcnat accept src: 192.168.0.0/24 dst: 192.168.1.0/24
srcnat masquerade 192.168.0.0/24 (in this order)

IPSec:
peer address: 0.0.0.0/0
generate policy

Router 2 (with dynamic address):
interfaces:
eth1: PPPoE client, acquires dynamic address from ISP
eth2: 192.168.1.1/24

routes:
default route acquired from ISP

NAT:
srcnat accept src: 192.168.1.0/24 dst: 192.168.0.0/24
srcnat masquerade 192.168.1.0/24 (in this order)

IPSec:
peer address: static address from router1
policy: src: 192.168.1.0/24 dst: 192.168.0.0/24 tunnel src: 0.0.0.0 tunnel dst: static address from router1


Now, with these settings I can open the tunnel only from the dynamic side.
I can ping 192.168.0.1 from any computer in the 192.168.1.0/24 network, but I can't ping any computer in the 192.168.0.0/24 network. Also, router1 can ping any computer in the 192.168.1.0/24 network from its private address, but computers from the 192.168.0.0/24 network can't ping any computer from the 192.168.1.0/24 network, nor can they ping router2 on 192.168.1.1.
Logs on router2 tell me the tunnel is established.

Basically, for some reason I have an IPsec tunnel between the 192.168.1.0/24 network and a single IP address on the other side (192.168.0.1).
Also, when I configured IPsec with the current address on the dynamic side, everything ran smoothly. But that of course couldn't stay, as the tunnel would break with the first change of IP address…

Can anybody help me? From what I've figured out running through sites, I need some sort of script on the dynamic side to run this, but I don't know how to make one :frowning:

Thanks all :slight_smile:
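The kind of script the post asks for, as an added example that is not part of the original post: a RouterOS script for router2 (the dynamic side) that reads the address currently assigned to the PPPoE client and rewrites the IPsec policy's tunnel source (sa-src-address) whenever it differs, then drops the stale SAs so IKE renegotiates from the new address. It automates the "configure the policy with the current address" setup that the post says worked. The PPPoE interface name eth1-pppoe, the documentation address 203.0.113.1 standing in for router1's static address, the assumption that the PPPoE interface carries exactly one dynamic address, and RouterOS v6 command syntax are all assumptions, not taken from the post.

```routeros
# Added example, not from the post. Keeps router2's IPsec policy in sync with
# the dynamic PPPoE address. Assumed names: PPPoE client "eth1-pppoe", router1's
# static address 203.0.113.1 (documentation range, standing in for the real one).
:local pppIf "eth1-pppoe"
:local peerStatic 203.0.113.1

# The ISP-assigned address on the PPPoE interface, stored as "a.b.c.d/32";
# assumes a single dynamic address on that interface.
:local cur [/ip address get [find interface=$pppIf dynamic=yes] address]
:local curIp [:toip [:pick $cur 0 [:find $cur "/"]]]

# The policy from the post: 192.168.1.0/24 <-> 192.168.0.0/24, tunnel to router1.
:local polId [/ip ipsec policy find src-address=192.168.1.0/24 \
    dst-address=192.168.0.0/24 sa-dst-address=$peerStatic]
:if ([:len $polId] = 0) do={ :error "IPsec policy to router1 not found" }
:local polSrc [/ip ipsec policy get $polId sa-src-address]

# Only touch the policy when the address has actually changed, so running this
# every minute from the scheduler is a no-op while the tunnel is healthy.
:if ($polSrc != $curIp) do={
    :log info ("IPsec: PPPoE address changed " . $polSrc . " -> " . $curIp . ", updating policy")
    /ip ipsec policy set $polId sa-src-address=$curIp
    # Flush SAs negotiated from the old address and force IKE to start over.
    /ip ipsec installed-sa flush
    /ip ipsec remote-peers kill-connections
}
```

Save the body under /system script (for example as ipsec-dyn-check) and either run it from /system scheduler with a one-minute interval, or call it from the on-up script of the PPP profile used by the PPPoE client so it fires as soon as a new address is assigned. The static side keeps peer address 0.0.0.0/0 with generate-policy, as in the post, so it accepts the renegotiation from whatever address router2 now holds.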