The decision to route or NAT isn't ever clear-cut.

1. If you need domain association between siteA and siteB, you *cannot* use NAT
2. If you cannot alter the routing structure at siteA or siteB, you *cannot* use route

In order for a route relationship to function properly, both ends of the test *must* use each end of the VPN chain as a router to the other side.

The other thing to remember is that ISA NAT isn't symmetrical. IOW, hosts in "local" have to access hosts in "remote" by using a remote ISA external IP and there must be one IP for every "remote" host.

Jim Harrison
jim@xxxxxxxxxxxx
www.isatools.org
Sent using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?)

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Saturday, July 22, 2006 5:57 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] VPN: Nat or Route?

When creating a site-to-site VPN how do I know whether to choose Route or NAT?

Here's the current situation I'm working with. Need to set up site-to-site VPN. The remote site houses an accounting package. The local site runs a Telnet window to access it. There are multiple users at the local site that will be using this app. The remote site needs to be able to LPR print to the local site.

Using Route, the server can ping through to the remote network but the workstations can't. Remote site can print. Local site can't access the app.

Using NAT, workstations can ping through to the remote network and run the app. But the remote site can't print to the local site.

Thanks,
Amy