Hi! I'm using SuSE 7.0 (with FreeS/WAN 1.4) on a firewall gateway and SafeNet/Softremote for a WIN2000 machine and want to configure a road warrior VPN. The road warriod should connect to a maskeraded net (10.96.1.64/26) behind the firewall. The problem which makes me cracy is the following: I can establish an SA - there is a tunnel between the WIN2000 machine and the firewall. I can ping from the road warrior PC to the internal address of the firewall (10.96.1.102) but I can't ping or make a connection to any other machine in that subnet. I tested everything with and without firewall rules - no difference. Also the firewall script should be configured correctly because I have already a tunnel established between my subnet and another subnet which is working correctly. There are also no warning messges in the log file that the firewall rejects something! I tested with tcpdump that the ICMP packets arrive at the ipsec interfac on the firewall but nothing is sent out at the internal interface (eth0). For me this looks like a routing problem but I have no idea what could be configured in another way. I also searched in the list archives and didn't find anything. Who as an idea? Thanks Wolfgang My configuration: Internal net: 10.96.1.64/26 | | Firewall: intern(eth0): 10.96.1.102 extern(eth1): 213.30.70.235 | | External net: 213.30.70.232/29 | | PC with Softremote: 213.30.70.238 The connection in the ipsec.conf file is configured in the following way: # sample connection conn sample # Left security gateway, subnet behind it, next hop toward right. left=0.0.0.0 leftsubnet= leftnexthop= # Right security gateway, subnet behind it, next hop toward left. right=213.30.70.235 rightsubnet=10.96.1.64/26 rightnexthop=213.30.70.233 auto=add authby=secret