Here's our configuration. wrv54g ip: 192.,168.10.1 Local: 192.168.10.0/255.255.255.0 Remote: 10.0.0.0/255.0.0.0 Remote GW: something secret The other end point administrator tells me that all hits from tunnel comes from our local client IP instead of wrv54g ip (192.168.10.1). I tought that the router is suppose to NAT the traffic into the tunnel so the other end point will not have to open the whole range of ip for our local lan (192.168.10.0/255.255.255.0). I tried to change Local secure Group to "192.168.10.1" but nothing go through the tunnel but the router. Any idea ?