Wolfgang Pichler wrote:
> Our own internal net is 172.16.0.0/24 - I'd now like my firewall to
> redirect packets coming from 172.16.0.0/24 with destination address
> 10.0.43.0/24 to go over the VPN tunnel.

Assuming you've configured your tunnel(s) correctly, both firewalls should have routes to the corresponding side; i.e. your firewall will have a static route for the 10.0.43.0/24 network and packets from your LAN should automatically go across. For example, a "netstat -rnf encap" on my office firewall shows:

[EMAIL PROTECTED] ~> netstat -rnf encap
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
130.57.44.64/27    0     192.168.168.30/32  0     0     206.14.107.83/50/use/in
130.57.44.64/27    0     192.168.168.32/32  0     0     208.16.27.92/50/use/in
130.57.44.64/27    0     192.168.168.50/32  0     0     208.16.27.92/50/use/in
130.57.44.64/27    0     192.168.169.2/32   0     0     208.16.27.92/50/use/in
--snip--

The boxes at 192.168.168.30/.32/.50 and 192.168.169.2 reach the 130.57.44.64/27 network over the VPN tunnel. Check out your SAs and see what flows you actually have configured.

cheers,
Sean
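
One way to run the check suggested above is to parse the "netstat -rnf encap" output and test whether an outbound flow covers 172.16.0.0/24 -> 10.0.43.0/24. This is an added example, not part of the original message; the sample output is constructed in the layout shown above, 192.0.2.1 is a placeholder peer address, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout shown above; 192.0.2.1 is a placeholder peer.
SAMPLE = """\
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
10.0.43.0/24       0     172.16.0.0/24      0     0     192.0.2.1/50/use/in
172.16.0.0/24      0     10.0.43.0/24       0     0     192.0.2.1/50/use/out
"""

def parse_flows(text):
    """Return one dict per flow line of `netstat -rnf encap` output."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        # Flow lines have six columns and end in address/proto/type/direction.
        if len(fields) != 6 or fields[5].count("/") != 3:
            continue
        try:
            src = ipaddress.ip_network(fields[0], strict=False)
            dst = ipaddress.ip_network(fields[2], strict=False)
        except ValueError:
            continue  # column header or unrelated line
        peer, proto, sa_type, direction = fields[5].split("/")
        flows.append({"src": src, "dst": dst, "peer": peer,
                      "proto": proto, "type": sa_type, "dir": direction})
    return flows

def covering_flows(flows, src, dst, direction="out"):
    """Flows in `direction` whose selectors contain the whole src and dst nets."""
    src = ipaddress.ip_network(src)
    dst = ipaddress.ip_network(dst)
    return [f for f in flows
            if f["dir"] == direction
            and f["src"].version == src.version
            and f["dst"].version == dst.version
            and src.subnet_of(f["src"]) and dst.subnet_of(f["dst"])]

if __name__ == "__main__":
    hits = covering_flows(parse_flows(SAMPLE), "172.16.0.0/24", "10.0.43.0/24")
    for f in hits:
        print(f"{f['src']} -> {f['dst']} via {f['peer']} ({f['dir']})")
    if not hits:
        print("no outbound flow covers 172.16.0.0/24 -> 10.0.43.0/24")
```
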