diff --git a/01-network.tf b/01-network.tf
index 34057f7..6ac6952 100644
--- a/01-network.tf
+++ b/01-network.tf
@@ -44,15 +44,16 @@ resource "stackit_network" "p2_lan_network1" {
 resource "stackit_network_interface" "p2_lan1" {
   project_id = module.project.project_info["project2"].project_id
   network_id = stackit_network.p2_lan_network1.network_id
-  security = true
+  security = false
   name = "P2LAN1"
-  security_group_ids = [ stackit_security_group.example.security_group_id ]
+  //security_group_ids = [ stackit_security_group.example.security_group_id ]
 }
+
 // this is for adding a second network interface to the core project (for WAN access).
 /*
 resource "stackit_network" "p2_wan_network1" {
   project_id = module.project.project_info["project2"].project_id
   name = "wan"
-  ipv4_prefix = "10.220.6.0/24"
+  ipv4_prefix = "10.220.50.0/24"
   routed = true
 }
@@ -82,6 +83,8 @@ resource "stackit_network_interface" "p3_lan1" {
   //security_group_ids = [ stackit_security_group.example.security_group_id ]
 }
+// project 4 for SKE, so no configuration necessary here
+
 // ------- project 5 - vpn ------------
 // This file defines the network setup for the fifth project (vpn).
 resource "stackit_network" "wan_network_beta" {
@@ -128,9 +131,9 @@ resource "stackit_network" "p6_lan_network1" {
 resource "stackit_network_interface" "p6_lan1" {
   project_id = module.project.project_info["project6"].project_id
   network_id = stackit_network.p6_lan_network1.network_id
-  security = true
+  security = false
   name = "P6LAN1"
-  security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
+  //security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
 }
 // ---------- public IPs ------------------
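Review bot: `security = false` on `p2_lan1` turns port security off for the whole interface, so commenting out `security_group_ids` is not the only effect — no security group can filter that port any more, and presumably the VM is what the new SNA routes in project/01-sna.tf expose to the peer site. The same pair of changes is made to `p6_lan1` in the third hunk of this file. If the intent is only to drop the `example` group, keeping `security = true` and omitting `security_group_ids` (if the provider allows an interface without groups) would be the more conservative option. Either way the decision should be stated inline, e.g. `// port security disabled on purpose: traffic from the IPsec peer is filtered on pfSense only — re-enable before anything beyond PoC use`.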
@@ -139,7 +142,7 @@ resource "stackit_public_ip" "wan_ip" {
   project_id = module.project.project_info["project1"].project_id
   network_interface_id = stackit_network_interface.wan.network_interface_id
 }
-resource "stackit_public_ip" "wan_ip_alpha" {
+resource "stackit_public_ip" "wan_ip_beta" {
   project_id = module.project.project_info["project5"].project_id
   network_interface_id = stackit_network_interface.wan_beta.network_interface_id
 }
@@ -154,9 +157,15 @@ resource "stackit_public_ip" "wan_ip_alpha" {
 // Output the public IPs for both projects
 output "public_ips" {
   value = {
-    "wan_ip" = stackit_public_ip.wan_ip.ip
-    "wan_ip_alpha" = stackit_public_ip.wan_ip_alpha.ip
+    "pfsense-alpha" = stackit_public_ip.wan_ip.ip
+    "pfsense-beta" = stackit_public_ip.wan_ip_beta.ip
     //"wan_server" = stackit_public_ip.wan_server.ip
   }
 }
+output "private_ips" {
+  value = {
+    "linux-alpha" = stackit_network_interface.p2_lan1.ipv4
+    "linux-beta" = stackit_network_interface.p6_lan1.ipv4
+  }
+}
diff --git a/02-pfSense-image.tf b/02-pfSense-image.tf
index b220b54..39b06b9 100644
--- a/02-pfSense-image.tf
+++ b/02-pfSense-image.tf
@@ -26,8 +26,12 @@ resource "stackit_image" "pfsense_image" {
     disk_bus = "scsi"
     secure_boot = false
   }
+  lifecycle {
+    ignore_changes = [ local_file_path ]
+  }
 }
+
 // Upload VPN Appliance Image to STACKIT
 resource "stackit_image" "pfsense_image_beta" {
   project_id = module.project.project_info["project5"].project_id
@@ -43,5 +47,9 @@ resource "stackit_image" "pfsense_image_beta" {
     disk_bus = "scsi"
     secure_boot = false
   }
+  lifecycle {
+    ignore_changes = [ local_file_path ]
+  }
 }
+
diff --git a/03-pfSense-appliance.tf b/03-pfSense-appliance.tf
index 8117929..7f6676c 100644
--- a/03-pfSense-appliance.tf
+++ b/03-pfSense-appliance.tf
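Review bot: Renaming the resource address `stackit_public_ip.wan_ip_alpha` to `wan_ip_beta` without a `moved` block makes Terraform destroy the existing public IP and allocate a new one on the next apply, so the beta pfSense gets a different public address — and the README change in this same commit says that address is what the peer must use as the IKE Phase 1 identifier. A `moved` block keeps the state binding and therefore the IP. The naming is also now asymmetric (`wan_ip` for alpha, `wan_ip_beta` for beta), which the new `pfsense-alpha`/`pfsense-beta` output keys only paper over.
```terraform
// keep the existing public IP when the resource address changes
moved {
  from = stackit_public_ip.wan_ip_alpha
  to   = stackit_public_ip.wan_ip_beta
}
```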
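Review bot: The new `private_ips` output (like the reworked `public_ips`) has no `description`, and the comment kept above `public_ips`, "Output the public IPs for both projects", no longer describes what the two output blocks now expose. Renaming the output keys from `wan_ip`/`wan_ip_alpha` to `pfsense-alpha`/`pfsense-beta` is also a change of interface for anything that reads `terraform output -json`, which the commit message does not mention. Suggest `description = "Private LAN IPv4 addresses of the alpha and beta Linux VMs"` on `private_ips` and an equivalent line on `public_ips`.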
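Review bot: `ignore_changes = [ local_file_path ]` means that once `pfsense_image` exists, pointing `local_file_path` at a newer pfSense build is silently ignored and the image already uploaded stays in use; the identical block is added to `pfsense_image_beta` in the next hunk. Because this image is the firewall that fronts both environments, the reason for freezing it and the procedure for rolling out a patched build belong next to the block, e.g. `// local_file_path is ignored so a re-apply does not re-upload/replace the image; to roll out a new pfSense build run terraform apply -replace=stackit_image.pfsense_image`.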
@@ -39,7 +39,7 @@ resource "stackit_volume" "pfsense_vol_beta" {
 resource "stackit_server" "pfsense_appliance_beta" {
   project_id = module.project.project_info["project5"].project_id
-  name = "pfSense"
+  name = "pfSense-beta"
   boot_volume = {
     source_type = "volume"
     source_id = stackit_volume.pfsense_vol_beta.volume_id
diff --git a/README.md b/README.md
index f439fd0..01eeb62 100644
--- a/README.md
+++ b/README.md
@@ -6,35 +6,56 @@ This repository contains Terraform code to deploy the following infrastructure p ## 📦 Projects Overview -### 1. **Landing Zone** + + +### 1. **ALPHA SNA** + +#### 1.1 **Landing Zone** - Deploys a single **pfSense VM** as the central firewall/router. - Acts as the entry point for the environment. -- Configures **WAN and multiple LAN networks**: +- Configures **WAN and one LAN network**: - `wan_network`: `10.220.0.0/24` - `lan_network1`: `10.220.1.0/24` - Interfaces: - WAN interface with static IP `10.220.0.254` - - LAN1–3 interfaces, each connected to corresponding networks + - LAN interfaces with dynamic IP -### 2. **Core** +#### 1.2 **Core** - Deploys a single **Virtual Machine** (VM) for core services or testing purposes. - Network setup includes: - `p2_lan_network`: `10.220.5.0/24` (routed) - - `p2_wan_network`: `10.220.6.0/24` (routed) - optional + - `p2_wan_network`: `10.220.50.0/24` (routed) - optional and deactivated - Interfaces: - - LAN interface with attached security group - - WAN interface without additional security + - LAN interface with optional configured security group + - WAN interface without additional security set -### 3. **Backup** +#### 1.3 **Backup** - Used for backup and disaster recovery scenarios. - Creates an **Object Storage Bucket**. - Relevant **access credentials** are provisioned for use with other services. -### 4. **SKE** +#### 1.4 **SKE** - Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster. - `ske_network`: `10.220.10.0/24` +### 2. **BETA SNA** +#### 2.1 **VPN** +- Deploys a single **pfSense VM** as the central firewall/router. +- Acts as the entry point for the environment. +- Configures **WAN and one LAN network**: + - `wan_network`: `10.230.0.0/24` + - `lan_network1`: `10.230.1.0/24` +- Interfaces: + - WAN interface with static IP `10.230.0.254` + - LAN interfaces with dynamic IP + +#### 2.2 **Infra** +- Deploys a single **Virtual Machine** (VM) for infra services or testing purposes. 
+- Network setup includes: + - `p6_lan_network`: `10.230.5.0/24` (routed) +- Interfaces: + - LAN interface with optional configured security group and dynamic IP. --- ## 🚀 Getting Started @@ -48,7 +69,7 @@ This repository contains Terraform code to deploy the following infrastructure p 1. Clone this repository: ```bash - git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git + git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone_ipsec.git cd ``` @@ -75,6 +96,7 @@ This repository contains Terraform code to deploy the following infrastructure p The deployment will output: - VM IP addresses +- pfSense Public IPs - Kubernetes cluster information (kubeconfig) - Object Storage credentials (access/secret key) @@ -84,7 +106,8 @@ The deployment will output: ## 📝 Notes -- This setup is optimized for a **test or POC environment**. +- This setup is optimized for a **test or POC environment** and is intended to setup an IPSEC Site2Site VPN. +- Check the SNA Routes for configuring the Remote Networks on pfSense side. **Be sure to set the Identifier in IKE Phase 1 to the Public IP, because we are behind NAT.** - pfSense must be manually configured after deployment. (User: admin, Passwort: STACKIT123!) - Kubernetes workloads are not included in this deployment but can be added later. - LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**. @@ -95,7 +118,6 @@ The deployment will output: - The infrastructure is not auto-scaled or HA-enabled by default. - No automated DNS or certificate management is configured. -- `lan_network3` is non-routed and might require manual routing adjustments if used. --- diff --git a/project/01-sna.tf b/project/01-sna.tf index 6ed79ee..b67571e 100644 --- a/project/01-sna.tf +++ b/project/01-sna.tf 
@@ -27,13 +27,23 @@ resource "stackit_network_area" "sna_beta" {
   //depends_on = [time_sleep.wait_before_destroy]
 }
-/* resource "stackit_network_area_route" "sna_route1" {
+resource "stackit_network_area_route" "sna_route_alpha" {
   organization_id = var.organization_id
   network_area_id = stackit_network_area.sna_alpha.network_area_id
-  prefix = "10.220.99.0/24"
-  next_hop = "10.220.0.0"
+  prefix = "10.230.5.0/24"
+  next_hop = "10.220.0.254"
   labels = {
     "key" = "value"
   }
 }
-*/
+
+resource "stackit_network_area_route" "sna_route_beta" {
+  organization_id = var.organization_id
+  network_area_id = stackit_network_area.sna_beta.network_area_id
+  prefix = "10.220.5.0/24"
+  next_hop = "10.230.0.254"
+  labels = {
+    "key" = "value"
+  }
+}
+
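Review bot: Both new routes keep the placeholder `labels = { "key" = "value" }` from the commented-out example, which now becomes a real label on the resources that wire the two SNAs together, and neither route has a comment saying what it is for. The prefix/next-hop pairs do match the README in this commit (beta LAN 10.230.5.0/24 via the alpha pfSense WAN IP 10.220.0.254, alpha LAN 10.220.5.0/24 via 10.230.0.254), but a network-area route presumably applies to every project in that SNA, not only the landing zone, so once the tunnel is up any project in alpha reaches the beta LAN — and with port security disabled on the LAN interfaces in 01-network.tf, the only filtering of that traffic is whatever pfSense enforces. Suggest meaningful labels, e.g. `labels = { "purpose" = "ipsec-s2s" }` (example), and a one-line comment per route such as `// alpha SNA -> beta LAN (10.230.5.0/24) via the alpha pfSense WAN IP, which terminates the IPsec tunnel`.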