Tom, Thanx for the info. I read and tried these articles: "Configuring Remote Access VPN Servers in a Back to Back ISA Firewall Configuration". The beginning sounded like what I need. However, I am not running a back end isa server. I also found an article for ISA 2000 - "Configuring Windows Server 2003-based ISA Server Firewall/VPN Server to Accept inbound NAT-T L2TP/IPSec Calls". The vpn server is a non-windows based appliance using a shared-key - no certificates. The Microsoft paper "Publishing a VPN Server is ISA Server 2004" stated the LT2P over IPSec using NAT-T must be Windows Server 2003 based. This vpn server default gateway is that of a win 2003 server/rras -- this server is without ISA. Should I change it's network to that of the ISA Internal network and not on an internal network? greg ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, October 05, 2005 8:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publish VPN server - revisited http://www.ISAserver.org Hi Gregory, There's an article on the www.isaserver.org site on how to publish NAT-T L2TP/IPSec VPN servers. I do it all the time, along with user certificate authentication for the EAP user auth. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Wednesday, October 05, 2005 8:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publish VPN server - revisited http://www.ISAserver.org Change NAT-T server and client to IPSec NAT-T server and client. ________________________________ From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Wednesday, October 05, 2005 8:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] Publish VPN server - revisited http://www.ISAserver.org ISA 2004: I have a VPN server sitting behind Windows 2003/RRAS (network behind a network) -- the Win 2003 is SNAT with the ISA 2004. Internally, the device, wireless remote access point (RAP), attaches to the VPN server routing through ISA with no problems. ISA's logging displays NAT-T client (4500/UDP - send receive) as the protocol used. How can I publish this VPN server/protocol to the Internet? The VPN server sees the Internet based RAP - I determined this by pinging the RAP from the VPN server while they are negotiating. Their negotiation never comes to fruition. The RAP just reboots and keeps trying. Now, this published rule to the Internet uses (NAT-T server receive send) protocol - not the (receive send) as seen internally. TIA greg ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx