Dear Shinder-Sama, I got your point. Finally, I could be aware why I can't creat site to site VPN by either pre-shared key or certificate, and problem comes from one end's ISA2K4 Wan connection is through ADSL by PPOE (Dial-up). When I check the event log at this ISA2K4 Box, it indicateds that PPoe-4 port can't be opened, it has been opened up already, I presume that's the reason why VPN port under Routing and Remote Access are all closed and can't accept any in/out call. There is some article saying site to site L2TP VPN connection even both ends are ADSL connection, while the writter shows a sample procress under virtual server enviornments, that is not exact site to site VPN through ADSL connection. For your reference, the NIC connected to ADSL modem is disabled even TCP/IP setting, and only PPOE works for dial-up. I can create a L2TP VPN client inside Lan and connect to remote site of ISK2K4 VPN server. When I tried to mannual activate VPN connection under route and remote access service at ISA2K4 server, the IPSec SA is esbalished, and no answer from remote side after 40 seconds, this means L2TP can't find his own session! Anybody here have any solution for this????!!!!!! Hi Roy, I thought it was Shinder-san? I get confused about those things :) Anyhow, are you trying to implement an L2TP/IPSec site to site VPN using a pre-shared key or computer certificates? You can't do both. So, if you want to use a pre-shared key, don't install computer certs. If you want to use computer certificates, then don't configure a pre-shared key on the VPN gateway endpoints. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Thursday, March 31, 2005 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Site to Site VPN Connection Using L2TP/IPSec by Pre-shared Key http://www.ISAserver.org Dear Tom-san, Can I have your any kind suggestion! Thanks, Roy Tsao ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx