My guess is that you aren't -- you said you changed to SNAT client, which means you'll only be able to use IP sets to restrict computers, not "authenticated" users. You'll need to load the FWC for that. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Tuesday, January 22, 2008 1:21 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Outgoing VPN... Ah, I see... You can specify - how are you authenticating? t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Tuesday, January 22, 2008 1:12 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Outgoing VPN... But why can you NOT specify a subset of users? ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Tuesday, January 22, 2008 3:57 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Outgoing VPN... Tada :) t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Tuesday, January 22, 2008 12:50 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Outgoing VPN... I double checked the user list and I had a subset of users allowed for this rule (not All Users) - when I changed to ALL USERS, I am now connected to the remote VPN ! ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Tuesday, January 22, 2008 3:06 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Outgoing VPN... Hey Tom - are you sure it's PPTP and not LT2P? What does the log say when you attempt the connection? t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Tuesday, January 22, 2008 11:55 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Outgoing VPN... Trying to get an outgoing VPN connection to work through ISA 2006 on a W2K3 SP2 server. I have the outbound access rule setup as... VPN Outbound Allow PPTP GRE (VPN) - [User-Defined, IP-Level 47 Send Recv] From - Internal To - External All Users Always All Content Type. I have disabled the Firewall Client software, removed the ISA settings in IE Connections, and set my PC up as a SecureNAT Client. It now takes alot longer to fail now, before I made the PC a SecureNAT client, it would fail immediately. Currently I am getting an 800 Error. I bypassed the ISA 2006 server and was able to make the connection immediately with no issues. Any advice would be appreciated. TIA, -TRogers