Paul Wouters wrote: > 50 is PROTOcol 50, not PORT 50 > And for l2tp (ipsec in transport mode) it is 51. No, protocol 51 is AH (Authentication Header) which is not used by L2TP/IPsec. So it does not have to be allowed in. Jacco -- Jacco de Leeuw mailto:jacco2 at dds.nl Zaandam, The Netherlands http://www.jacco2.dds.nl