Hi Greg, Ha! "hardware". Better check to see if he has an insurance policy for data loss :) Check the www.isaserver.org, I'm sure I did an article on publishing PPTP servers. Make sure the downstream ISA firewall terminating the VPN connection is a SecureNAT client of the upstream ISA firewall. Oh, wait a minute, you're using a low security IPSec tunnel mode client. Ouch. You need to know exactly what protocols are being used by the vendor and how they match up with RFC. The reason why MS went with L2TP/IPSec over IPSec tunnel mode is that they did not want to lock people into proprietary implementation of IPSec tunnel mode, since it was NEVER designed for remote access VPN client connections. /off sandbox. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Thursday, September 22, 2005 12:31 PM To: [ISAserver.org Discussion List] Subject: Publish a VPN server / ISA 2004 I'm looking for info to publish a VPN server behind ISA 2004. When I set up a rule to publish, the VPN client sees the sever, but can not authenticate. The vendor tech support prefers a hardware based firewall. How can I get around this? The VPN server is Aruba Wireless. It allows remote Access Point anywhere on the Internet. The AP tunnels back using IPSec, NAT-T. TIA greg