You can solve your problem using a route-based VPN. You can find the exact procedure on the ScreenOS 4.0 manual. Basically you have to create a tunnel interface binded to the untrust interface and assign a virtual IP address (not VIP) to the laptop. Then you have to permit the LP traffic from the unix server to the virtual address. lm