You are correct; I should have been more pedantic -- the SA series cannot terminate site-to-site IPsec tunnels, according to the sales engineer, unlike the Cisco 3000 series and ASA. -- Toivo Voll University of South Florida Information Technology Communications -----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 2:29 PM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.