Hi, I have created a vpn tunnel with cipe. It still works. My problem : I have a firewall with iptables,vpn (cipe) on a SuSE 8.0 system. I tried to ping a server in my internel network.(10.1.1.1) The server in the internet has the tunnel ip 192.168.0.2 and the tunnel ip on my vpn gateway and firewall is 192.168.0.1. A ping to each site still works fine. The internal server must per reached wit ip 172.20.1.1. I tried to solve the problem with natting. iptables -A INPUT -i INTERFACE -p icmp --icmp-type echo-request -s 192.168.0.2 -d 192.168.0.1 -j ACCEPT (For a ping to the tunnel) works iptables -A PREROUTING -i INTERFACE -p icmp --icmp-type echo-request -d 172.20.1.1 -j DNAT --to 10.1.1.1 iptables -A FORWARD -d 10.1.1.1 -j ACCEPT This rule does not work. What´s the problem ? Mfg Stefan