Hi,

I am currently in the middle of a project to provide nat, ipf and ipsec 
tunnleing for two networks within my company.

One is in the UK, the other NY,

each network has ipf and ipnat in place to provide internet access for 
private network members

UK is 10.0.1.0/24,
NY is 10.0.2.0/24,
[& singapore will be 10.0.3.0/24, but that comes later!]
each netbsd box has 2 interfaces - no aliasing

They have to communicate via the "cloud" of the internet, but with nat in 
place there is no need to setup real ip numbers.

At this point I am unsure if ipsec uses the tunneling interfaces 
(tun,gre,gif), or if it is implicit in its' routing... the documentation 
appears to define this neither one way, nor the other. Or, on the other 
hand are interfaces aliased?

any clarification on this would be most useful

tia

nick