Hi Shawn, I THINK, It is a little bit large, but I will try to explain the issue. There are important components to defining these ISA-to-ISA links. Only one of the VPN peers initiates the VPN connection. The remote VPN peer simply recognizes the connection, and initiates the appropriate initialization of the local interface when the peer supplies a username that matches the name of the local interface. One ISA must be chosen as the ACTIVE VPN. The other ISA must be considered as the PASSIVE VPN. This simply indicates which VPN initiates the VPN connection. The demand-dial configuration for this would be as follows: ACTIVE VPN: Router Name: MAD_to_PT Remote IP Address: 193.127.20.115 Dial-Out Credentials (Username): MAD_to_PT Dial-Out Credentials (Password): <anything - preferably complex> Dial-Out Credentials (Domain): MADRIDVPN Dial-In Credentials: <blank!> During the creation of the interface, Windows 2000 will prompt for dial-in credentials. Since this interface is the active dialer, these credentials are not needed. Instead, dial-out credentials should be specified. Once this interface is configured, select the properties of the interface. Change the type of interface to persistent, and set the redial attempts to 10000. PASSIVE VPN: Router Name: MAD_to_PT Remote IP Address: <blank!> Dial-In Credentials (Username): MAD_to_PT Dial-Out Credentials (Domain): <blank!> When you create this passive interface, dial-in credentials must be established. This may be performed by selecting the add account so remote ISA can dial in option during configuration. After the interface is configured, select the properties of the interface and change to demand-dial, and set the disconnection time to never. When the ACTIVE VPN is initialized, a connection to the remote VPN is established. Upon connection, the dial-out credentials are presented to the remote machine. Upon receiving the credentials, the PASSIVE VPN recognizes that the name of the local RRAS interface matches the username of the credentials. Thus, it immediately associates the VPN interface to the connection - and routes packets appropriately. I hope it will help you. Cheers. -----Mensaje original----- De: Shawn Anderson [mailto:sanderson@xxxxxxxxxxxxxxxxx] Enviado el: miércoles, 28 de agosto de 2002 16:48 Para: [ISAserver.org Discussion List] Asunto: [isalist] ISA to ISA VPN http://www.ISAserver.org I am trying to connect two office together via an ISA to ISA connection with VPN. The connection is set as persistant, however the connection seems to drop every 4 hours or so. The VPN status on both machines states that they are connected, however nothing goes from one site to the other. Any one seen this? ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mperez@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')