Hi everyone, Been along time to post a question with yah guys and gays. I ran into tonight a stubber! I customer of mine is evaluating ISA 2000 versus SonicWall Pro 100 but his requirements is to vpn to a project of theirs that uses Checkpoint Firewall-1. ISA 2000 VPN(pptp) is rock solid to allow VPNClients to their network and outside their network. The problem they are having is their deverpers are at their project site behind FW-1 and attempting to vpn back to their HQ-ISA2K but the connection fails. Also, they attempt to vpnclient (using Checkpoint SecureClient-1) behind HQ-ISA2K to the project site FW-1 and fail to connect. Their admin wants us to verify that the following ports are enabled (notice I didn't say open :^): SSL - 443 UDP - 500 TCP - 264 UDP - 2746 IP 50 + 51 I made the protocol rules with not results... Looked at the IP Packet Logs and FWLogs with ALLOWED listed for just 264 and 500...I don't see anywhere else in the logs for SecureClient-1 uses any other ports, then I just gave up and broke the Holy Moly ISA Golden Rule, and created packet filters for the listed ports and still fails! Gessh.... Yes, we are on a completely different subnet then project site Yes, their admin will not allow PPTP in their site and out of their site..(Company Policy)...that explains why MS VPN Client doesn't' work from their site - talk about big fish eating the little fish! Yes, we the moved the client to a public ip (dial-up) and their SecureClient-1 functions correctly, but behind ISA...nadda! So.....Is there something I have missed to make Checkpoint VPN Client work behind ISA? I would like to push ISA very much but I'm guessing the customer is swaying towards a simple dummy hardware solution? Either way, I'm interested in knowing what else I can do to allow Checkpoint VPN Client to work behind ISA? Sorry in advance to the multi-post newsgroups but I'm looking for an answer tonight as soon as I can get an answer I'm going to work all night until I find an answer on this Thanks everyone _____ Regards, David V. Dellanno - MCSE, MCP+I, MCP MSDEMO Consultants Williams Place 2564 Bridgewood Lane Snellville, Georgia 30078 USA (770) 736-8794 (Office) msdemo.net Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.