You should have Novell BorderManager 3.9 as the VPN master server. If you are moving a server behind NAT make sure either any of the other master servers in the VPN network is upgraded to Novell BorderManager 3.9, or move a VPN slave server behind NAT.
We recommend that the VPN and NAT be on different machines.
Configure a static NAT server by mapping the secondary IP address of the NAT server to the VPN server private IP address.
In the VPN server set the default route as the NAT server’s private interface.
Reconfigure the VPN server configuration with the secondary IP address of the NAT server.
Ping the secondary IP address from the public machine. The traffic should get diverted to the VPN server.
If the VPN server moved is a VPN master server you need to create new keys by using vpncfg and should add other VPN members to this master server.
Establish the VPN tunnel by pinging to the tunnel IP address.