I'm pretty new here on ipsec, but I've been lurking on L2TP for months, so I'm jumping in. If the corporate firewall supports IPsec, the user has *no need* for l2tp. The user can run IPsec from his laptop to the firewall, with no regard for the PPP connection to the pop. The only thing making l2tp (or l2f, or pptp) attractive at this point is that IPsec isn't finished. Scott