The workaround I found that worked for me was to set a proxy-ID that was the supernet of all the networks reachable through the Netscreen. This works great in a classic telecommuter environment if you use 192.168 networks for your telecommuters, and 10 or 172.16 RFC1918 addresses in your data center...

[ more ]