[Openswan Users] A question with netscreen 500

armani armliao at gmail.com
Wed May 24 23:19:41 CEST 2006


Hi list,

 I have a problem with openswan to netscreen 500.
 I tried to search some technical articles and mailing lists to find out
 what the problem is with my openswan setting. Then I found your response
 to someone on the openswan mailing list.
 http://lists.openswan.org/pipermail/users/2005-June/005377.html

 I have a similar environment, as in the following description:

 1. LAN (left ip=%localhost)
 2. NAT (masquerade ip=%nat)
 3. Remote Netscreen 500 (right ip=%netscreen500)
 4. Remote default route (%leftnexthop)

 Then I configured /etc/ipsec.conf as follows:

 conn to_netscreen
         aggrmode=yes
         ike=3des-sha1-modp1024
         keyingtries=3
         auto=start
         authby=secret
         pfs=yes
         keylife=3600
         left=%nat
         leftsourceip=%localhost
         leftsubnet=%leftip_mask
         right=%netscreen500
         #rightsubnet=??? I don't know the remote subnet. Is it required?
         leftnexthop=%leftnexthop

 And /etc/ipsec.secrets:
 %netscreen @%localhost: PSK "netscreen preshare key"

 I can't connect to the %leftnexthop after I restart the /etc/init.d/ipsec
 service. Would you give me some advice on my configuration?
 Thanks for your help in advance!

 Sincerely yours,

 - Armani Liao

