This is good information, thanks. I'd pretty much known most of that, but it makes me wonder about something specific. Meatballman might know the answer to this one.

I'm using these instructions to configure the SonicWall as an L2TP server for Windows clients. This instruction sheet says:

When creating a L2TP IP pool on the SonicWALL device, the IP addresses must be a unique IP subnet – you cannot specify IP addresses from the LAN (or any other) interface subnet on the device.

But that's exactly what I *want* it to do. I want the people who are tunneling in to get fed IP addresses from the same pool as what's on the office LAN. So I'd want them to be in the same subnet.

Do you think it possible to specify the DHCP pool on the SonicWall, and specify the LAN-side netmask, so that it can dole out half of the addresses in 192.168.2.xxx pool to the local DHCP users, and use the other half for the L2TP clients? What would those netmasks look like?