Hi William, Nope. You can call the 3rd address, but "most of the time" the responses will come back from the primary IP address. Check out my articles regarding NLB and VPN over at www.isaserver.org. That's why you could only use Win2k and WinXP pre-SP1 as VPN clients, because the connecting IP address and the response IP address was different. Good new. *Maybe* fixed in Win2k SP4. DEFINITELY fixed in Win2003. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Wednesday, July 02, 2003 3:41 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Change IP Address of VPN http://www.ISAserver.org Hi Tom I'm with you on the bottom line of not being able to control the source address for outbound communications, but what about the reverse, controlling the inbound address. For example, if I can get my inbound VPN clients to connect to the 3rd IP Address, surely all communications will then leave ISA on this 3rd IP and not the 1st one which is used by all other communication? This should then in principle be a way in which I can "control" the source address of the VPN connection? So I have changed the 2 Packet Filter rules to be applied to this 3rd address, but I'm hoping you can assist in getting RRAS to accept the connection on this 3rd IP Address because so far all my efforts have failed. Cheers William R. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: 02 July 2003 09:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Change IP Address of VPN http://www.ISAserver.org Hi William, I would not make that assumption because I have no idea how ISA decides what address to use for the source address for outbound communications. I once heard a pretty eloquent explanation from Jim regarding this, but I don't recall the details, and I wasn't smart enough at the time to fully appreciate what the issue was. However, I'm a bottom line kind of guy and I did appreciate the fact that you can not control the source address for any particuarl outbound packet. And that's what counts, right? HTH, Tom