Hope I can explain my situation well enough, although I apologize as the solution may not even involve ISA 2004 (but I would appreciate anyone's networking advise). I have on my client: 1 NIC hanging off to WAN -- "WAN" 1 NIC connected to H.323 IP Phone -- "Phone" VPN Connection to server H.323 will talk to; receives a 192.168.100.0/24 IP -- "VPN" IPRouting is enabled on the XP SP2 desktop through registry change + reboot ------ Now in terms of ICS (remember that ICS has internal DHCP server which hands out 192.168.0.0/24 by default): 1) When I setup "WAN" to share to "Phone", ISA logs the IP that the H.323 Phone received, so 192.168.0.X. 2) On the other hand, if "VPN" is setup to share to "Phone", ISA logs the VPN address as the client accessing the network, so 192.168.100.X My problem is that in ICS Scenario #1, ISA denies the connection as 192.168.0.X is of course not part of the Internal or VPN Clients network. In ICS Scenario #2, it works fine, but due to the routing problems, it can never find it's way back to the H.323 phone as it knows the destination is only 192.168.100.X and when I trace with Ethereal/Wireshark, the packets do not contain any references to the original client (and so once it hits the PPP interface on the client it doesn't know what to do with it). I think that if I were to bridge "WAN" and "Phone" together, I would be dealing with a combination of the problems of #1 and #2 would I not? (or does a bridge do something special with managing concurrent streams?) I know that if I bridge them together, "Phone" will get an IP from the same DHCP server as "WAN" did, but I run into routing issues. ------ Has anything ever had to deal with this situation? What we be the ideal solution to Scenario #1 [this of course is why I posted here and not some networking newsgroup]? Any other ideas / am I misunderstanding the technical problem? (In case you are wondering why I'm dealing with this problem, it is because due to upper management constraints on server locations while we move offices, all of our servers are in one location while we have users who need to use the phone server remotely and I know it's possible). Jonathon J. Howey MENSE Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxxx Defining the Future of Industry www.MENSE.ca <http://www.mense.ca/>