Hi Tom,

Are you sure only MPPE is involved in the encryption strength settings? Hmm... That would mean there are two places where the encryption strength is configured. Once in the RRAS Encryption tab for PPTP and once in the installed IKE policies for L2TP/IPSec. For the latter I see 3DES and DES as allowed encryption. So, how can we be sure which one will be negotiated?

I find it rather strange you can't define such an important setting through the ISA MMC :-((

Thanks,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday 29 January 2005 17:49
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Remote access encryption strength with ISA2004

http://www.ISAserver.org

Hi Stefaan,

Good questions. My solution has been either:

1. Use only L2TP/IPSec (in which case, MPPE isn't an issue)

Or

2. Use RADIUS policy.

HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
Sent: Saturday, January 29, 2005 5:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Remote access encryption strength with ISA2004

Hi all,

ISA2004 configures an 'ISA Server Default Policy' in RRAS. If you look at that policy then you see that in the Encryption tab Basic, Strong and Strongest encryption are enabled. You can disable i.e. Basic and Strong to enforce Strongest encryption, but when you restart the ISA server the ISA Server Default Policy is reset.

So, here are some questions:

1) How can we enforce Strongest encryption?
2) Is this only possible if you use a Radius (IAS) server?
3) Can we safely delete the other RRAS default policies 'Connections to Microsoft RRAS' and 'Connections to other access servers' and is there a benefit in doing so?

Regards,
Stefaan