Hi Scott, The client's dedicated interface has to be on a differenet network ID than the IP address assigned to the VPN client. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Talley, Scott [mailto:stalley@xxxxxxxxxxxxxxxxx] Sent: Tuesday, February 28, 2006 8:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] more Cisco VPN.. http://www.ISAserver.org Hello all, I'm having the classic issue of Cisco VPN client out from behind ISA2kSP2/Win03SP1. Can connect to the remote Cisco VPN gadget, acquire a dhcp address, then nothing. Can't even ping a host on the remote network. Cisco client shows keep-alive traffic flowing outbound, but nothing inbound. I've carefully checked my config, allowing UDP 500/4500/10000/20000 s/r according to Stephans excellent docs and kb812076, my client machines are SNAT. I've verified that they have IPsec over UDP nat/pat engaged on the gizmo and are using the standard udp 4500 port for encapsulation. I don't see any any denied connections in the logs. Now here's the craziest part: Their network guys are telling me that because I use a 10.10.10.x network and they use a 10.10.x.x network, that routing is impossible. Now I'm obviously no networking wizard, but can anyone throw me some ammo? Thank you, Scott Talley IT Manager, The Combined Group e> stalley@xxxxxxxxxxxxxxxxx p> 469.892.9829 f> 469.892.9710 NOTICE: This e mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx