I am setting up the IPSec Tunnel VPN with ISA 2k4 and Sonicwall. I have the oddest things happening with this. I see the tunnel establish on the sonicwall and can see my network listed as one of the established networks on the Sonicwall Device. When I try a ping from my ISA server I get a string of "Negotiating IP Security" for my result. When I ping from the Sonicwall side I get a no reply. I look inside of the logs of the Sonicwall logs and see the tunnel establishing there as well, but, immediately afterwards I see "IKE Responder: IPSec proposal does not match (Phase 2) IKE Responder: ESP Perfect Forward Secrecy mismatch". I removed Perfect forward secrecy to eliminate that and only received "IKE Responder: IPSec proposal does not match (Phase 2)" For ISA I have 3DES and SHA1 as my Encryption and Integrity Algorithms, Generate a new key every 3600 seconds. On the Sonicwall I have my Phase 2 Encryption/Authentication set to "Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1)". I have tried changing the Phase 2 information just to see if I generate a different error. I get the same error but the tunnel doesn't establish when I do that. At this point it feels like so close but yet so far. Any ideas on what else I can try? Steve