Hello there, I've got a question, and I found no answer related to this topic - or maybe I'm simply too stupid and didn't get it .... Short story: Home LAN - SuSEfirewall2 System (SuSE 8.1 via DSL) - internet - Checkpoint FW - Companies LAN Long story: Well, my employer has a Checkpoit FW running to protect the companies LAN. We all got so called tokens (looks like an calculator) and some software to be installed on our PCs. The software is called SecuRemote. At home I have a small LAN (one SuSE 8.1 acting as a gateway, 3 MS based clients). I installed the software, checked the Checkpoint website for information how to configure an iptables fw, and I think I did it: the neccessary ports are udp 50, udp 51, udp 500 & udp 2746. So I added the lines: FW_FORWARD="212.212.212.212/32,192.168.10.100/24,udp,50 212.212.212.212/32,192.168.10.100/24,udp,51 \ 212.212.212.212/32,192.168.10.100/24,udp,500 212.212.212.212/32,192.168.10.100/24,udp,2746" FW_FORWARD_MASQ="212.212.212.212/32,192.168.10.100/24,udp,50 212.212.212.212/32,192.168.10.100/24,udp,51 \ 212.212.212.212/32,192.168.10.100/24,udp,500 212.212.212.212/32,192.168.10.100/24,udp,2746" (In both cases 212.212.212.212 is just a place holder!!! ... not the real ip adress.) But it does not work ...... no VPN connection is established between my MS client and a system on the companies LAN. When I connect to the internet directly (eg. via an ISDN dial-up connection) it works fine. Well, one of my thoughts was to modify the MTU/MRU values - but setting them eg. to 1404 didn't solve it. Has anyone around there an idea? Can I use the SuSEfirewall2 for this? Thanks in advance!!!! c y Torsten