You can do that; W2K RRAS handles the user auth with or without ISA. RRAS will use domain or local user credentials as you define in the RRAS configuration. If you want domain auth (sounds like it), you need to make the VPN server a domain member. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: <student2003@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, February 04, 2002 11:29 Subject: [isalist] Re: Authentication path http://www.ISAserver.org As you can tell I am a newbie with this - my thinking was have the user's connection from the Internet to our VPN servers be authernicated by an ISA server. I thought doing so would enable us to place domain wide remote access policies in one place and to audit our VPN connections. Am I way off base? thanks very much for the note. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')