CentOS - Mar 2007 - Could anyone please to help me for ipsec-tools on DDNS+NAT environment?

Hi,
	I've met trouble when I attempt to create a VPN between my PC and my
lan in my home. The structure of my network structure is illustrated in the
attachment.
	First, I have no idea about how to configure the /etc/setkey.conf
file. Because the two port on the Internet are both with dynamic IP. How do
I specify the "add" statements for sad and "spd" statements?
I've try to add
sad entry like this:
	add 192.168.0.250 anonymous ah 0x200 -A hmac-sha2-256
0x7d5555f0355edabbb2e6e9a9c2d0ece421adbfaf94e953fe807e34ab22501d7c;
But I got "Name or service not known at [ah]" error message after I
run the
command "/sbin/setkey -f /etc/setkey.conf".
	I doubt if it is possible to create a VPN with such network
structure. I've read many articles about ipsec-tools over NAT-T, but all
these articles assume that the ip address of the NAT gateway is static.

Thanks,
Enliang.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NetworkStructure.png
Type: image/png
Size: 125868 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20070311/90f5ba0f/attachment.png>