Thanks for getting back to me, John. Here are some more details and an attempt at clarification:

The client is a laptop running MacOS X and VPN Tracker. It sits on the private LAN and as I mentioned in the post, I can see outgoing traffic (e.g. pings of VPN hosts) going *out* through ESP (i.e. all three interfaces - client, internal and external - report ESP packets going out). The client s/w log also indicates "ESP tunnel established".

Regardless though, if I just try to get any ESP traffic *into* the client, from outside the firewall, it only shows up on the external interface and triggers the described response.

cheers,
h.

On Wed, 1 Dec 2004 at 18:59 -0500, John A. Sullivan III wrote:

[snip]

JASI> Silly question but, since the problem started after a reboot, are
JASI> you sure that ESP is running on your client? Are you using *swan or
JASI> the native 2.6 IPSec implementation on the client?