Hi, Here is what I'm trying to accomplish: 2 sites, each with an RVL200, firmware 220.127.116.11 (tried 1.1.7 also) Site 1 ------ VLAN1 10.10.13.1/255.255.255.128 VLAN2 10.10.13.129/255.255.255.128 Site 2 ------ VLAN1 10.10.14.1/255.255.255.128 VLAN2 10.10.14.129/255.255.255.128 Set up IPSec VPN between the two using 10.10.13.0/255.255.255.0 & 10.10.14.0/255.255.255.0 as the ranges for the security associations. Here's where things start to go wrong: Set up multiple subnets -- enter 10.10.13.1/255.255.255.128, then try to add 10.10.13.129/255.255.255.128 and the router complains that the LAN IP is already in the table. Its like the config is only looking at the first 3 octets and pays no attention at all to the subnet mask. To work around this, I then tried: Site 1 VLAN1 - 10.10.12.1/255.255.255.128 VLAN2 - 10.10.13.1/255.255.255.128 Site 2 VLAN1 - 10.10.14.1/255.255.255.128 VLAN2 - 10.10.15.1/255.255.255.128 For the IPSec config we now use 10.10.12.0/255.255.254.0 and 10.10.14.0/255.255.254.0 for the security associations. These cover the .12/.13 and .14/.15 subnets. The routers at least accept this configuration and nail up the VPN... but I can't ping any devices from end to end. I can ping local addresses using the local ping utility in the router, but not across the VPN. For what its worth, the "internet connection" is 2 cables through a hub connected to the WAN port of each router at the moment. I can ping both external router interfaces from the LAN segments of both "sites". Why I can't get traffic to go over the VPN, I don't know. Outgoing logs show the packets leaving, but they don't show in the incoming logs on the router on the other side. Am I just trying to do to much with these routers? If so, does anyone have another product suggestion near this price point? Thanks in advance.