Hi Guys,

I hope someone can help me out with a solution for my problem. It concerns an IPSec 0.0.0.0 issue:

On a Cisco VPN gateway/device or other SOHO router it is possible to utilize the 0.0.0.0 route through the IPSec tunnel as a default gateway. This appears to be useful especially if you want to be very flexible with your internal network (remove and add subnets) without losing the IPSec tunnel from your remote site to your internal network, and for security reasons.

I'm working for a construction company and need to add more than 70 Remote Sites at constructions. These sites need to have the 0.0.0.0 route ala policy to the main office, which hosts ISA Server 2004. However, when you define 0.0.0.0 as the remote subnet at the remote site, it keeps negotiating at Phase II, because the IPSec filter does not allow such a connection. It only allows connections to subnets which are defined at the Internal network interface on ISA Server 2004.

So if one decides to configure a VPN device with a remote range with the IPSec tunnel 0.0.0.0, this implies that this range must also be configured on the ISA2004 server as local range! Which is of course not the case, resulting in the message "this policy is not exisiting" during Phase II, establishing the IPSec tunnel. When configuring a remote subnet which is defined on ISA2004 on the internal network, things work out well.

L2TP can do this, PPTP can do this, but it needs to be IPSec, because of compatibility with different VPN devices.

Microsoft told me that there would be a fix for this, although... not a fix, but as a new feature in Service Pack 1. Service Pack 1 is now available, but still no solution for the problem.

I hope you can help me out!

Kind regards,
Boudewijn