Hi,

I have problems connecting a roadwarrior (with a dial-up adapter only) to my network. But I think it should work.

The network begins at the firewall, which is running on SuSE 7.2 with SuSEfirewall2. The firewall has 3 interfaces: one goes into the DMZ, with private IP addresses (range 192.168.52.0/24). SuSEfirewall is doing port forwarding here. The 2nd interface is connected to another SuSE 7.0 server (via X-Link cable), which routes between 2 internal subnets. All traffic from these subnets toward the firewall is masqueraded (subnets 192.168.50.0/24 and 192.168.55.0/24). The subnet between the inner router and the firewall has the range 192.168.51.0/24. The 3rd interface has an official IP address. So far, so good.

I have been trying for two weeks now to successfully connect AND ping and connect to a server in the subnet 192.168.50 or .55 (behind the 2nd Linux router). The VPN tunnel is also established (afaik), but nothing else happens. I can't reach any server: no server in the DMZ and no server in the inner LAN behind the second Linux router. Also, there are no logged drops or rejects from the firewall.

See my logs:
-----------------
Sep 9 14:12:19 goofy Pluto[1003]: packet from 193.159.64.92:500: ignoring Vendor ID payload
Sep 9 14:12:19 goofy Pluto[1003]: "gio-warriors" #1: responding to Main Mode from Road Warrior 193.159.64.92
Sep 9 14:12:19 goofy Pluto[1003]: "gio-warriors" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Sep 9 14:12:20 goofy Pluto[1003]: "gio-warriors" #2: responding to Quick Mode
Sep 9 14:12:20 goofy Pluto[1003]: "gio-warriors" #2: STATE_QUICK_R2: IPsec SA established

/root >iptables -L | grep "dialin"
ACCEPT all -- pC19F405C.dip.t-dialin.net 192.168.0.0/16
ACCEPT all -- 192.168.0.0/16 pC19F405C.dip.t-dialin.net

/root >ipsec look
gateway Mon Sep 9 14:14:27 CEST 2002
192.168.0.0/16 -> 193.159.64.92/32 => tun0x1002@193.159.64.92 esp0x24dd43ed@193.159.64.92
ipsec0->eth0 mtu=16260->1500
esp0x24dd43ed@193.159.64.92 ESP_3DES_HMAC_MD5: dir=out src=195.90.31.11 iv_bits=64bits iv=0x7010041f4bc4b10c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(127,0,0)
esp0x78a28da1@190.91.41.11 ESP_3DES_HMAC_MD5: dir=in src=193.159.64.92 iv_bits=64bits iv=0x1e51283693e0a222 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(127,0,0)
tun0x1001@190.91.41.11 IPIP: dir=in src=193.159.64.92 life(c,s,h)=add(127,0,0)
tun0x1002@193.159.64.92 IPIP: dir=out src=190.91.41.11 life(c,s,h)=add(127,0,0)
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         195.90.31.254   0.0.0.0         UG    40  0      0    eth0
193.159.64.92   190.91.41.254   255.255.255.255 UGH   40  0      0    ipsec0
190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    eth0
190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    ipsec0
--------------------------

What is the matter? I have edited the file /etc/rc.config.d/firewall2.rc.config as given (port 500/udp, protocol 50, ipsec0 in field FW_EXT_DEV against rp_filter, etc.). Furthermore, I set up a /usr/lib/ipsec/_updown_custom with iptables rules as follows:

[...]
    up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        ;;
    down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        iptables -D FORWARD -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -D FORWARD -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        ;;
[...]

Where is the problem? Thanks in advance for help... I despair...
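
A dry-run variant of the up-client/down-client rules quoted above, added here as an example and not the poster's script: it prints the iptables commands instead of running them, refuses empty PLUTO_* values, and ties each rule to the tunnel device. The function name `updown_rules`, the `IPSEC_IF` variable and the sample values are assumptions; `ipsec0` is the interface named in the post, and the verb is passed without the trailing colon used in the `case` labels above.

```shell
#!/bin/sh
# Added example (not the poster's script): dry-run generator for the
# up-client/down-client FORWARD rules. updown_rules and IPSEC_IF are
# hypothetical names; ipsec0 is the interface named in the post.

IPSEC_IF="${IPSEC_IF:-ipsec0}"

# Print the iptables commands for one _updown verb instead of running them,
# so the rule set can be reviewed before it touches the firewall.
updown_rules() {
    verb="$1"
    # Refuse to emit rules when a network or mask is empty: an empty
    # variable would otherwise yield a malformed rule.
    for v in "$PLUTO_MY_CLIENT_NET" "$PLUTO_MY_CLIENT_MASK" \
             "$PLUTO_PEER_CLIENT_NET" "$PLUTO_PEER_CLIENT_MASK"; do
        [ -n "$v" ] || { echo "missing PLUTO_* variable" >&2; return 2; }
    done
    my="$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK"
    peer="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK"
    case "$verb" in
        up-client)   op="-I FORWARD 1" ;;
        down-client) op="-D FORWARD" ;;
        *) echo "unhandled verb: $verb" >&2; return 1 ;;
    esac
    # Outbound: local subnet to the peer, leaving through the tunnel device.
    echo "iptables $op -o $IPSEC_IF -s $my -d $peer -j ACCEPT"
    # Inbound: only packets that arrived decrypted on the tunnel device.
    echo "iptables $op -i $IPSEC_IF -s $peer -d $my -j ACCEPT"
}

# Constructed sample values, matching the eroute shown in the post
# (192.168.0.0/16 -> 193.159.64.92/32).
PLUTO_MY_CLIENT_NET=192.168.0.0
PLUTO_MY_CLIENT_MASK=255.255.0.0
PLUTO_PEER_CLIENT_NET=193.159.64.92
PLUTO_PEER_CLIENT_MASK=255.255.255.255

updown_rules up-client
updown_rules down-client
```

The printed lines can be compared with `iptables -L FORWARD -n -v` on the gateway to see whether the installed rules match and whether their packet counters move.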