OK so I have corrected the config error in the shared key - now I get a double authentication from CPG, once from its regular address, and a second seemingly erroneous message from CPG via address 127.0.0.1 ? Why on earth is it requesting a second authenticatoin attempt and announcing its on NAS address as a loopback, which is caught by a more generic service definition in CPPM and fails. strange