> >you mean there is no dedicated connection between the remote squid and >it's peer? Without ACl the user could get internet access without going >through the peer? > > no! all requests have to go from "remote/user"-squid through the "peer" at our head quarter. each client can only connect to the remote/user-squid which is responsible for him. so client from subsidiary a can not connect to squid in subsidiary b etc. they also can not connect to the peer/main-squids at our head quarter. only the "remote/users" squids are allow to connect to peer/main-squids... markus
