Hi, so just to confirm, I should NOT use the reth interface as the gateway on my side. I should use a lo0 as an external interface? I have two reths, both are reachable externally, but you are saying that by having a lo0 interface as the gateway external interface, that maximizes the reachability, preferable to having a reth as an external. However, is it a problem that both reths are in different security zones?
Can I just put that lo0 interface in a vpn zone, and have policies that allow from other zones to that?
Then, as you say, I can just create an st0 interface (in that vpn zone), that is not redundant.
I find if I can repeat it back, then I am sure I know what you are saying. Also, I don't know if the two links that you sent were intended for me, but the second doesn't work.
Ryan