> To answer my own question, looks as if 7000, 7002, 500. Or just 500? Well if you can, try with port 500 and see if it works. BTW I guess you shouldn't use AH encryption since it's putting the host IP address in the packet and it's passing through a router so on the other side it will deny the packet. Regards