Hi,

I am testing a setup where I have three firewalls in a chain. The first and second firewalls form a g/w to g/w VPN, and then the second and third form another VPN. The second firewall has two interfaces, and as such it forms a VPN with each peer on a different interface.

I wish to allow traffic originating from the encryption domain of firewall one to reach systems in the encryption domain of firewall three. The second firewall sits in the middle and mediates the traffic. I'm using NAT rules on the second firewall so as to distinguish between the encryption domains on the second firewall.

The traffic reaches the second firewall as desired (encrypt -> NAT -> ??), but when it leaves the second firewall it is not getting encrypted and goes out in plain text. Can someone throw some light on it?

1) NAT takes place at only one interface?
2) FW-1 can form encryption VPN on two interfaces?

TIA
Regards,
Madhur

_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
http://lists.gnac.net/mailman/listinfo/firewalls