How can I declare the network 192.168.223.0/24 to be reachable via ipv4 and ipsec? Some hosts via vlan eth0:223 amd some hosts via ipsec over interface eth4 192.168.223.0/24? At the moment I,ve got in zones: pktgh ipsec mode=tunnel mss=1024 and in hosts: pktgh eth4:192.168.223.0/24,212.117.77.202 ipsec pktgh eth4:192.168.3.0/24,212.117.77.202 ipsec so the whole 192.168.223.0/24 is ipseced. But I'ld like to have some host be attached to the lokal vlan eth0:223. Axel -- Wir verwenden ausschließlich blaue Elektronen aus biologischem Anbau. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech