Thanks for the info Benjamin,

I couldn't solve the problem till now, so I just dropped the SuSEfirewall2 and installed Shorewall instead, which has much clearer documentation on using IPSec with it. Btw, it took me only like 20 min to set up a working configuration with Shorewall, but I'm not sure if this is a real alternative to SuSEfw regarding security. So I might try out the SuSEfw again with your suggestion, but I think I'll only do this if I find a good reason not to use Shorewall.

----- Original Message -----
From: "Benjamin P Myers" <dative@sukrahelitek.com>
To: <suse-security@suse.com>
Sent: Monday, November 03, 2003 11:08 AM
Subject: Re: [suse-security] Problem with IPSec and SuSEfirewall2 SuSE-FW-ILLEGAL-TARGET

I had some trouble getting this set up, too. I had overlooked FW_MASQ_DEV and used the default, which included all of the external interfaces. You don't want to masq the stuff on ipsec0:

FW_MASQ_DEV="eth1"

Did the trick for me. I didn't have to mess with _updown, either. But this, of course, I only realized after I did exactly what you've done to _updown. Perhaps it would be good to add a note in the FAQ mentioning not to NAT the ipsec interface.
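
A check for the misconfiguration described in the thread above, as an added example that is not part of either message: it expands FW_MASQ_DEV from a SuSEfirewall2-style sysconfig file and reports any ipsecN interface it contains. The function names and file names are hypothetical, and the sample config contents are constructed.

```shell
#!/bin/sh
# Added example: flag IPsec virtual interfaces that FW_MASQ_DEV expands to.
# Assumption: the config is a shell-syntax sysconfig file, so FW_MASQ_DEV
# may reference other variables (here $FW_DEV_EXT) and must be expanded.

# Prints each ipsecN interface in FW_MASQ_DEV, one per line.
# Returns 0 if none, 1 if any were found, 2 if the file cannot be read.
masq_ipsec_devs() {
    cfg=$1
    case $cfg in */*) ;; *) cfg=./$cfg ;; esac   # keep "." off $PATH lookup
    [ -r "$cfg" ] || return 2
    # The file is executed as shell: only point this at a trusted config.
    # The subshell keeps its variables out of the caller's environment.
    devs=$( . "$cfg" >/dev/null 2>&1; printf '%s' "$FW_MASQ_DEV" ) || return 2
    found=0
    for d in $devs; do
        case $d in
            ipsec[0-9]*) printf '%s\n' "$d"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample configs: a default-style value that inherits every
# external interface, and the corrected value from the message above.
write_samples() {
    cat > "$1/default.conf" <<'EOF'
FW_DEV_EXT="eth1 ipsec0"
FW_MASQ_DEV="$FW_DEV_EXT"
EOF
    cat > "$1/fixed.conf" <<'EOF'
FW_DEV_EXT="eth1 ipsec0"
FW_MASQ_DEV="eth1"
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp/default.conf" "$tmp/fixed.conf"; do
    if hits=$(masq_ipsec_devs "$f"); then
        echo "${f##*/}: OK, no IPsec interface is masqueraded"
    else
        echo "${f##*/}: FW_MASQ_DEV includes $hits"
    fi
done
rm -rf "$tmp"
```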