One final question about NAT'ing, if I may, in accordance with my prior post,
regarding the configurations, since it's established this format is correct.
machine.int is the VPN address and machine.ext is the static address.



Rule 1
Original Packet                     Translated Packet
Source        Dest          Svce    Source        Dest          Svce
Machine.int   Any           Any     machine.ext   Original      Original

Rule 2
Original Packet                     Translated Packet
Source        Dest          Svce    Source        Dest          Svce
Any           machine.ext   Any     Original      machine.int   original



All that's left is adding static routes and ARP entries on the firewall server itself,
correct? (Like so, correct?) Then adding that to /etc/rc.d/* (to always be effective
on startup).

route  add  machine.int machine.ext
arp -s  machine.ext  00:11:00:11:00:11

Now my second question is, what about a network with over, say, 200 machines? Doesn't
this solution seem a bit tedious, to configure dual objects for each machine and have
a configuration set up as such?

----------------------------------------------------------------------
J. Oquendo 
[EMAIL PROTECTED]               [EMAIL PROTECTED] 
http://www.disgraced.org   |    http://www.antioffline.com 
"When I am Buddhist, everyone is mad at me. When I am Buddha, everyone
 is happy." 


