Alexey Vatchenko wrote:
It's because of: ike passive esp from 192.168.0.0/24 to any local egress dstid [EMAIL PROTECTED] psk xxx
Yes, it's because of that. But I'm convinced that you don't need that at all. From what I understand, you just need to give access from some remote network(s) to your office net. Please correct me if you are trying to achieve something else. Again (see last post): Home gateway: ike dynamic esp from HOME_NET to 192.168.0.0/24 peer OFFICE_EXTERNAL_IP psk xxx Office gateway: ike passive esp from HOME_NET to 192.168.0.0/24 psk xxx (if you have more than one external networks, you can put "any" instead of "HOME_NET" or repeat the stanza for each network.) krgds /markus
