I have a Windows 2003 domain. I have 2 servers that are both in the same domain. I have a filter requiring ESP (3DES/SHA1) only for communications on port 80 + 25 between these 2 servers. When I use Kerberos for authentication... authentication fails. When I switch the authentication method to use a preshared key for authentication, everything works perfectly.

DNS is working fine. The servers resolve each other and the DC properly. Logging into the servers works properly, and normal Kerberos auth doesn't seem to cause problems/errors.

#####
IKE security association negotiation failed.
Mode: Key Exchange Mode (Main Mode)
Filter:
Source IP Address XX.XXX.XXX.XX
Source IP Address Mask 255.255.255.255
Destination IP Address XX.XXX.XXX.XX
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr XX.XXX.XXX.XX
IKE Peer Addr XX.XXX.XXX.XX
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr
Peer Identity:
Kerberos based Identity: servername$@domain.COM
Peer IP Address: XX.XXX.XXX.XX
Failure Point: Me
Failure Reason: Negotiation timed out
Extra Status: Processed first (SA) payload
Initiator. Delta Time 62
0x0 0x0
#####

I've followed the MS troubleshooting docs (disabled any offloading) and verified that there are no errors in the AD logs. Any help/ideas would be GREATLY appreciated.