Tom, Thanx. The VPN server sits on an internal network behind an Internet facing ISA 2000. I need to use the web proxy of the isa 2000 for our wirless clients. These clients are anonymous and filtered with Surfcontrol -- Surfcontrol does not filter anonymous on ISA 2004. Today, I reconfigured using the article "Configuring Remote Access VPN Servers in a Back to Back ISA Firewall Configuration". The ISA 2000 web proxy was bypassed. I can attach the AP to an internal network off the ISA 2004 -- no problems. Only see problems when attaching external of the ISA 2004. Sent email to vendor regarding exact protocol. TIA greg ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thu 9/22/2005 12:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publish a VPN server / ISA 2004 http://www.ISAserver.org Hi Greg, Ha! "hardware". Better check to see if he has an insurance policy for data loss :) Check the www.isaserver.org, I'm sure I did an article on publishing PPTP servers. Make sure the downstream ISA firewall terminating the VPN connection is a SecureNAT client of the upstream ISA firewall. Oh, wait a minute, you're using a low security IPSec tunnel mode client. Ouch. You need to know exactly what protocols are being used by the vendor and how they match up with RFC. The reason why MS went with L2TP/IPSec over IPSec tunnel mode is that they did not want to lock people into proprietary implementation of IPSec tunnel mode, since it was NEVER designed for remote access VPN client connections. /off sandbox. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Thursday, September 22, 2005 12:31 PM To: [ISAserver.org Discussion List] Subject: Publish a VPN server / ISA 2004 I'm looking for info to publish a VPN server behind ISA 2004. When I set up a rule to publish, the VPN client sees the sever, but can not authenticate. The vendor tech support prefers a hardware based firewall. How can I get around this? The VPN server is Aruba Wireless. It allows remote Access Point anywhere on the Internet. The AP tunnels back using IPSec, NAT-T. TIA greg ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx