Hello, It seems as though your current documentation on VPN over IPsec is incorrect: Step 1 should include the ipencap firewall rule on both hosts. Pinging will not work between the networks if protocol 4 (IP in IP) is not allowed. Thank you for an otherwise excellent doc. Matt.