Hi Jens Thanks very much for your help. I didn't use your exact code as I do not have a Gateway-to-Gateway VPN, but I did do the following: access-list outside_interface permit gre any host <isa-server> Do you know of any security risks that I may be running by doing this? Cheers William R. -----Original Message----- From: Jens von Bülow [mailto:jens@xxxxxxxxx] Sent: 24 March 2003 15:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org William, By default ISA tries to establish a PPTP VPN connection Try the following on your pix access-list outside_access_in permit gre host <isa-server-1> host <isa-server-2> Regards Jens ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')