Thanks for the replies. Pardon me if I'm wrong. The settings available for specification of tunnel endpoints do not enable tunnel mode. I had tried to look for the [tunnel/transport] setting option in the IPSEC policies but I could not find it. There are only options for the kind of algorithm [AH, ESP, DES, SHA1, etc.] used for encryption and integrity. If this is true, does this mean that the Windows built-in IPSEC capability can only facilitate transport mode? What about setting up a VPN for RRAS? Can a tunnel mode VPN be configured for RRAS?