Lynn: I've read about the differing subnets; in fact, it was your doc that has helped to get me thus far. However, changing the laptop IP to 192.168.3.9 produces the following result:
Laptop: "Negotiating IP Security" ad infinitum Bering auth.log: Dec 6 18:15:11 ice pluto[16903]: "w2kwifi"[1] 192.168.3.9 #3: responding to Main Mode from unknown peer 192.168.3.9 Dec 6 18:15:15 ice pluto[16903]: packet from 192.168.3.9:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002] Dec 6 18:15:15 ice pluto[16903]: packet from 192.168.3.9:500: ignoring Vendor ID payload [4048b7d56ebce885...] Dec 6 18:15:15 ice pluto[16903]: packet from 192.168.3.9:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] also ad infinitum. The only way I was able to successfully complete a link was to put the laptop on the same subnet. But I know that this is not the accepted method. Any port in a storm, so to speak. Here's the routing table with IPsec listening, but no link established: # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 207.41.164.254 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 0.0.0.0 207.41.164.254 0.0.0.0 UG 0 0 0 ppp0 Thank you for your help thus far. :Max ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html