Hi Casey, IIRC, the local VPN server belonged to the internal network domain, and the remote VPN server was a standalone. It doesn't really matter, as you can assign certificates to any computer and the router credentials are stored in the local SAM of the servers. I have *not* tested it with the VPN servers being DCs, but the procedure should be the same. HTH, Tom Thomas W Shinder www.isaserver.org/shinder http://tinyurl.com/1jq1 http://tinyurl.com/1llp -----Original Message----- From: Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] Sent: Tuesday, November 19, 2002 1:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA to ISA VPN http://www.ISAserver.org Greetings, I have 2 domains with AD and the whole 9 yards. Both only have one server - The ISA server which is the DC at each location. I want to create a gateway-to-gateway vpn between the two sites using L2TP/IPSec. I'm following Tom's 2 part instructions but they appear to be geared towards ISA being installed in a Stand-Alone configuration, not in a domian configuration or with ISA on the DC. I'm a bit confused with the certificate sections - ie., enterprise root ca, stand-alone ca. Do I need both? Just one? Which one if only one - Enterprise? If I need both and I only have one server at each site, then what? -Casey List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')