Hi Kent, check out http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=13;t=000326 and other posts on http://www.isaserver.org/cgi-bin/Ultimatebb.cgi . The trick is to use the UDP encapsulation feature (IPSec NAT traversal) between the Secure Remote client and the Checkpoint. HTH, Stefaan -----Original Message----- From: Kent G [mailto:kent.goldfinch@xxxxxxxxxxxxxx] Sent: woensdag 1 mei 2002 7:07 To: [ISAserver.org Discussion List] Subject: [isalist] Internal Firewall 1 VPN client access VPN server through ISA Server Help http://www.ISAserver.org My customer has a Firewall 1 VPN client installed on a Windows 2000 Server Sp2 in the internal (LAN) network that must connect to a Firewall 1 VPN server in another LAN and country. We are using ISA as web cache and firewalling. This ISA server naturally lies between the internal client and the Internet/VPN server. I have been advised to open some ports for in/outbound traffic. For outbound I attempted to grant access via protocol rules but found only TCP and UDP protocols can be used. Problem when we must enable protocol 50 & 94. I have configured IP packet filtering as if anyone requires to know how ISA serve is configured: Protocol=TCP tcp Direction=Both, Local Port=Dynamic, Remote Port= 256 Protocol=UDP Directio=Send Receive, Local Port=Dynamic, Remote Port= 259 Protocol=UDP Directio=Send Receive, Local Port=Dynamic, Remote Port= 500 Protocol=94 Directio=Both, Local Port=N/A, Remote Port= N/A Protocol=50 Directio=Both, Local Port=N/A, Remote Port= N/A I have noticed some articles that mentioned there are issues with IPSec through ISA. IS THIS CORRECT. Also, are these the correct ports,method, and settings to open these ports???? Any help would be greatly appreciated. KENT ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')