Hi, > also does this. If you're doing user/password auth to actually bring up the > VPN tunnel _as_well_as_ box auth (L2TP in IPSec does this, f'rinstance) then And - as L2TP is only kind of 'tunneled PPP' - you can then use any authentication scheme that PPP supports (=> as soon as there is wider support for EAP [AFAIK there is no support in e.g. IOS yet] there will be quite some choices). So you can implement (cert-based) box-authentication + PPP-based user-auth. I wrote a technical paper (kind of 'step-by-step') on this some months ago: 'Implementing an IPsec/L2TP-based VPN between W2K clients & Cisco routers'. If anybody is interested in it, please mail me off-list (and please note: it's in german, I did not yet find the occasion to translate it). Enno Rey erey@security-academy.de --- www.security-academy.de PGP 74C0 C7E1 3875 E4EB 9B75 8B9D 5E2D 3178 685B F222 - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]