An IPSec tunnel will need to know both end's IP in order to set up the tunnel, match rules, and route properly... What's wrong with an old-fashioned VPN from his/her computer? And can the router not act as a VPN client? t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of William T. Holmes Sent: Saturday, March 15, 2008 2:30 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Endpoint IPSEC with DHCP assinged address. Hi, Can anyone give me a pointer on this one? Thanks Bill From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes Sent: Friday, March 14, 2008 12:54 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Endpoint IPSEC with DHCP assinged address. Hi, I would like to deploy a router in one of our Executive's home. The router I have can be configured with IPSEC tunneling. I am only interested in having the IPSEC tunnel startup from the endpoint not from the ISA2004 Server. Is there a document on setting up? I looked at http://www.isaserver.org/articles/2004isadlink.html but that indicates I need a fixed IP address at each end of the tunnel. Can this same thing be accomplished with a dynamic IP address on the endpoint so long as I don't wish to establish the tunnel from the ISA server's side? Thanks Bill