Hi Scott, if you want a gateway-to-gateway VPN and full connectivity (all sort of protocols such as file and printer sharing, domain logon, etc...), your VPN endpoints should have access to the internal networks. So, if the ISA sits behind the Netscreen (on the internal side) then the ISA should be the VPN endpoint. Now, this is not a easy configuration because I think Netscreen is using pure IPSec for VPN. To make life easy, I suggest you place the Netscreen in parallel with the ISA and use it *only* for the VPN connection. Hope this helps, Stefaan -----Original Message----- From: ScottBWilliams [mailto:scottbwilliams@xxxxxxx] Sent: zondag 24 februari 2002 0:26 To: [ISAserver.org Discussion List] Subject: [isalist] ISA behind a Netscreen http://www.ISAserver.org Anyone had any experience setting up a VPN from a Netscreen to another Netscreen and behind that is an ISA Server? We acquired a company that uses Netscreens that wants to seup a VPN between our network and theirs. Problem is that we use ISA server to control access. We can use the Netscreen to do normal web stuff, but now they want to be able to VPN between their office and ours and want to use Netscreen thanks, Scott ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')