Hello, My thanks go out to Stefaan Pouseele for his great article about allowing IPSEC traffic through the ISA server. It worked so well that now I'm trying to have my Checkpoint NG with Application Intelligence (R55) 091 do the same. Stefaan's article showed clearly how to pass the SecureClient traffic through the ISA. I would like to pass the Windows VPN client pptp and then IPSEC traffic through my office's checkpoint to my ISA 2004 server at home. The CP web site sucks and there doesn't seem to be a web site like this one for that product, so please don't flame me for asking a CP question in this forum. I tried my best to convince the boss to go with the ISA server but he insisted on the CP. I thought I'd start with passing pptp traffic and the trying the IPSEC NAT-T once I got the pptp to pass. For the pptp I've allowed tcp 1723 and gre protocol 47. The ms vpn client gets as far as verifying the username/password and then the ms client reports that the remote system didn't responded. The cp does not log any rejects or drops as it relates to the connection. What other ports do I need oped to allow this traffic to pass? Thanks, Thomas P. Endter Information Technology Manager ChildNet "To protect Broward's abused, neglected and abandoned children" 1400 West Commercial Blvd, 2nd Floor Ft. Lauderdale, FL 33309 (954) 557-6597 Phone (954) 202-3897 Fax