Hi Tiago, Tunnel traffic is only inspected when the ISA Server establishes a VPN client link to a VPN server, not when the ISA Server is implemented as a VPN gateway. The VPN connection client connection from the ISA Server is very unusual, which I think is done for some bastardized versions of DSL connections to local ISPs. Not sure what other reasons you would have a VPN client connection from the ISA Server to a VPN Server for. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, April 16, 2003 3:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] Filtering on VPN tunnels? http://www.ISAserver.org Guys, I have a router-to-router VPN with my Branch Office (that which has PPPoE DSL). Here in my HQ I have a Windows 2003 server with ISA server, in the branch office I have Windows 2000 server. Ever since I migrated to 2003 Server, my branch office cannot open RDP (terminal services) connections, Open Outlook clients and map network drives here in the HQ. as far as I know, tunnel traffic was only inspected before SP1, right? The workstations that won't do these tasks can be ping'ed, they can open SMTP sessions here in the HQ, both sides of the network can see each other, I can VNC any workstation on the branch office, but none of these symptoms happen locally on the server. All workstations use the RRAS server as the default gateway and everything, and I have all the necessary static routes created. Well, I noticed that they only do tasks for which I have IP packet filters created for (ICMP, HTTP, and SMTP). But this shouldn't have anything to do with it, should it? On the Windows 2003 configuration, is there anything else that should be configured specifically for it? I applied SP1 as it requested, but I can't remember anything else that should be done. Any ideas for this issue? Tiago de Aviz IT Consultant MCP-CNA-AIX-CCNA-CCDA -------------------------------- www.softsell.com.br tiago@xxxxxxxxxxxxxxx -------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')