Hey guys, You do NOT need to use VPN to have full Outlook MAPI client access to Exchange. ISA Sever firewalls allow you to do secure Exchange RPC publishing, which is about 10,000 times more secure than VPN access. VPN access allows the client to access all resources on the internal network, which is an invitation to allowing worms in. I've seen a number of networks that were infected by VPN clients. I have seen no networks infected because of secure ISA firewall RPC publishing. None. Why? Because ISA firewalls protect you from RPC exploits. The pix firewall let them through and do not protect you. All the infected networks I've seen have been "protected" by pix. ISA VPNs work great, BTW, and are a lot easier to configure and manage than the dreaded pix. Check out: http://isaserver.org/articles/isa2000vpndeploymentkit.html If you want to publish Exchange services securely, check out: http://www.tacteam.net/isaserverorg/exchangekit/default.htm I'll update the list of article links later today. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Ron Harris [mailto:rharris@xxxxxxxxxxxxxxxx] Sent: Friday, September 05, 2003 3:37 PM To: [ExchangeList] Subject: [exchangelist] RE: External clients & firewall not in a domain http://www.MSExchange.org/ Has anyone been using a Cisco VPN Concentrator with the Software Client to VPN into the internal network? I believe some ISPs are still blocking TCP port 135. Should an IPSec tunnel help with Exchange access when these ports are blocked? Ron