Dear Tom, There are two articles presented by you at Microsoft website: "Creating A Site-to-Site L2TP/IPSec VPN Between ISA2004 VPN Gateays: Hotw to Configure the Pre-shared Key" "ISA Server 2004 VPN Deployment Kit" I am quite confused in the these two: 1) In the first one, you mentiond "If you have a cerficate installed on this computer and you enable the pre-shared key option, then the pre-shared key will always be used" but the later one said Pre-shared key is just a backup when certificate failed which is correct? 2) Also in the first one, "if you do not have a cerficate installed, and you decide to use a pre-shared key as backup, the site-to-site VPN connection will fail. Do not seclect the Allow pre-shared key IPSec authentication as a secondary (backup) authentication method option, even if you do not have a certificate installed on this computer" But there is a illustration in the 2nd article showing check option of pre-shared key option as a secondary authentication method. What is the correct way to have L2TP/IPSec VPN by pre-shared key without certificate 3) My problem in creating site to site VPN connection Could succeeded in creating site to site by PPTP, but whenever I switch into L2TP/IPSec with pre-shared key, the connection always fails. The log shows "No response from remote computer against L2TP dial-in authentication", what's wrong? Thanks, Roy Tsao