Hi Everyone I am trying to setup VPN server on ISA server using EAP (Certificates based). I have setup the RAS server to allow only EAP authentication and also Remote Access Policies to allow EAP authentication (Smart Card or other Certificate). My ISA server has got a Server Certificate from an Enterprise CA authority on the domain. My client also has got a user certificate from the same CA (the user here is a domain user). Client also has got a server certificate from the same CA. Now I make a VPN connection that uses only EAP authentication - I select the following: "Security (tab) Advanced (custom settings) Use of these settings requires a knowledge Of security protocols" Then under settings for this option, I select: "Data Encryption Require encryption (disconnect if server declines) Logon Security Use Extensible Authentication Protocol Smart Card or other Certificate (encryption enabled) " then under Properties: "Use a certificate on this computer Validate server certificate Trusted root certificate authority XXXXX " Now when I connect the first dialog is as expected "Connecting to xxx.xxx.xxx.xxx" Then comes "Verifying Username and Password ..." And after some time an error comes: "Disconnected Error 619: The port is not connected" If, however, I use MS CHAP V2, connection goes through perfectly. Also if I am logged on to the domain and then make the VPN connection to the ISA server (by giving its external interface IP) EAP works fine and in the connection properties I see "Authentication: EAP". What is puzzling me is that when I make VPN connection using EAP from a PC not on the domain, I get a pop-up asking me to select a certificate and that's all. It then tries to make connection to the VPN server. Where does the Username and Password come in that case? I have been trying all possible configurations for quite some time but couldn't make it work. Help wanted desperately! Thanks Nitin