Greetings, I have 2 domains with AD and the whole 9 yards. Both only have one server - The ISA server which is the DC at each location. I want to create a gateway-to-gateway vpn between the two sites using L2TP/IPSec. I'm following Tom's 2 part instructions but they appear to be geared towards ISA being installed in a Stand-Alone configuration, not in a domian configuration or with ISA on the DC. I'm a bit confused with the certificate sections - ie., enterprise root ca, stand-alone ca. Do I need both? Just one? Which one if only one - Enterprise? If I need both and I only have one server at each site, then what? -Casey