The hosts at each end have to have a route to the other. If they don't use their "local " ISA as their last hop, it won't work. Jim Harrison jim@xxxxxxxxxxxx www.isatools.org Sent using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?) From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Sunday, July 23, 2006 6:24 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: VPN: Nat or Route? Routes at both ends? If I use route the workstations aren't able to run the application or ping past the ISA server. The route seems to be working in one direction only - IN. I shouldn't need to add this network to the windows routing table manually, should I? ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Saturday, July 22, 2006 3:20 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: VPN: Nat or Route? You need routes at both ends.... S From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Saturday, July 22, 2006 9:57 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] VPN: Nat or Route? When creating a site-to-site VPN how do I know whether to choose Route or NAT? Here's the current situation I'm working with. Need to setup site-to-site VPN. The remote site houses an accounting package. The local site runs a Telnet window to access it. There are multiple users at the local site that will be using this app. The remote site needs to be able to LPR print to the local site. Using Route, the server can ping through to the remote network but the workstations can't. Remote site can print. Local site can't access the app. Using NAT, workstations can ping through to the remote network and run the app. But the remote site can't print to the local site. Thanks, Amy All mail to and from this domain is GFI-scanned.