Here's my implementation scenario: In our higher education environment, network traffic accountability is important. We currently do not use Network Address Translation (NAT) for that reason... If someone is bad on someone's computer, we can determine quickly and easily (by IP address) whose computer it was and shut it down. SO, I have two questions: 1. Can we run ISA without NAT, and use public IP space inside (the internal public space would obviously be in the LAT.) ? If so, then we maintain accountability as we do today. 2. If we have to use NAT, and someone is bad, how do we match up some network traffic out on the Internet that appears to be coming from our ISA's external IP with an internal machine? Is there some kind of translation log that will help us with this? Let me know if these questions aren't clear.. I'd be happy to clarify. Thanks in advance for any help! Curtis Kline UC Santa Barbara