AFP548

how to configure IPsec for host <-> network

My configuration needs are for a single host at work to communicate with an entire private home network (using IPsec to provide secure communications). Reading the docs and articles recommended (afp548, FreeBSD, etc.), I see lots of info about host <-> host (transport mode) and network <-> network (tunnel mode) info for VaporSec and IPsec in general. However, I'd like the configuration to provide access only from a single host to the internal network. The main point here is that I don't want the home network to be accessible to other hosts on the work network.

The work machine is an OS X 10.2. box. The home network has an OS X 10.2 box with a static IP address as a gateway with NAT services (and DHCP) for the internal network on a DSL line.

Can anyone give me advice on how to set this up either with VaporSec or simply with direct command-line IPsec configuration? Is anyone aware of an article that describes this kind of setup?

Many thanks for any help.

- MSB