I think I know the answer to this but am looking for confirmation. I have a user with Mac OS X which has a "Windows compatable PPTP VPN Client" built-in. I tried to get them to connect to my VPN on ISA server EE. All Windows users connect just fine. They get this error. >>>Fri Nov 22 00:01:39 2002 : CHAP authentication failed Which says to me that the Mac client isnt supporting MS-CHAP style authentication. I am can probably specify Basic Authentication (aka Clear Text) to let them in. On a web server this means SSL on the logon page if you want to protect the credentials in transit on the internet. Question is: When establishing the VPN tunnel and authenticating are the credentials encrypted via the pending PPTP connection no matter the style of authentication or does encryption via PPTP not happen until AFTER a successful authentication and prior to that you get what you get? Much Thanks! Chris