Hi Gops, ip protocol 50 is ESP (IP Encapsulating Security Payload) and part of the IPSec standard. If you want to get IPSec through ISA (internal IPSec VPN client to external IPSec VPN gateway) this will *not* work. ISA is doing NAPT (Network Address and PortTranslation) and this breaks IPSec. This is *not* a ISA specific problem but an incompatiblity issue between NAPT and IPSec. The IETF IPSec working group (http://www.ietf.org/html.charters/ipsec-charter.html) responsible for the IPSec standard is very well aware of that problem and is working hard to solve that problem. In the mean time, the big IPSec vendors (CheckPoint, Cisco, Redcreek, Nortel, etc...) have already a vendor specific solution for passing NAPT device. Most of them have some form of UDP encapsulation of the IPSec traffic to enable passing through NAPT devices. The only drawback is that those solutions are at the moment vendor specific. So, the VPN client and Gateway must be from the same vendor. Regards, Stefaan ----- Original Message ----- From: gops To: [ISAserver.org Discussion List] Sent: Thursday, February 07, 2002 7:53 PM Subject: [isalist] ip protocal 50 http://www.ISAserver.org HI, Can any one help me out how to enable ip protocol 50 step by step Gops, ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')