I work for a college with 3 sites, with wan links in between each, with 2 seperate networks per site, which means 6 networks over my wan. Im hoping to set up a DMZ over the summer, and putting my web server, dns and mail server in there. Thing is, i have another server on another site that i'd also like inside my DMZ. what i'd like to do is set up some sort of tunnel (i dont know if you can do this) from the external site to my DMZ. Sort of like this: box needs being in DMZ ---> tunnel box ---> WAN links ----> Box inside DMZ Then, any requests for the "box needs being in DMZ" can be directed to the "box inside DMZ", which then sends any data down over the tunnel directly to the "box needs being in DMZ". heres another diagram in case imnot being very clear: router ---------------------- wan router DMZ | | | box inside DMZ | ------------------ extsite1 extsite2 ext site3 ---- ---- ---- | Tunnel box | box needs being in DMZ