Hi,

Every time a client VPNs in, I am receiving two IP Spoofing alerts when they connect: one from their assigned VPN address and one from their External/WAN IP.

I configured RRAS through the SBS Wizards, so it should have configured it correctly (in theory).

- RRAS hands out IPs according to DHCP, which should be from 192.168.100.100 -> 192.168.100.109.
- In ISA, 'Configure VPN Client Access' -> VPN Properties -> Address Assignment -> uses Internal to obtain DHCP. The "Access Networks" tab in the properties has External and All Networks checked off.
- When I look at the VPN Connection on the client, the "Server IP Address" is 192.168.100.109. ISA/SBS IP is 192.168.100.10.
- When I enabled "Demand-Dial Routing" for the RRAS PPTP Ports it had no effect, and this option wasn't checked off after running the wizards, so I unchecked it after testing.
- I also see:

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Filter Information Rule Client IP Client Username Source Network Destination Network HTTP Method URL Cache Information HTTP Status Code

192.168.100.103 KPSASBS - UDP - No 192.168.100.109 45 00 00 60 ea 7f 00 00 80 11 06 4b c0 a8 64 67 c0 a8 64 0a 00 89 00 89 00 4c 6e e6 8d 0b 79 00 00 01 00 ff 00 00 00 01 137 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED 0x0 Firewall 7/26/2006 9:47:11 AM 192.168.100.10 137 NetBios Name Service Denied Connection - 192.168.100.103 VPN Clients Local Host - - 0x0

192.168.100.103 KPSASBS - UDP - No 192.168.100.109 45 00 00 38 ea b5 00 00 80 11 06 3d c0 a8 64 67 c0 a8 64 0a 70 29 00 35 00 24 80 f5 bc e3 01 00 00 01 00 00 00 00 00 00 28713 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED 0x0 Firewall 7/26/2006 9:47:11 AM 192.168.100.10 53 DNS Denied Connection - 192.168.100.103 VPN Clients Local Host - - 0x0

(... I created an Access Rule to allow All Outbound Traffic from VPN Clients/localhost to localhost/VPN Clients.. but the above 2 denies still occur... although I also get an IP Spoofing alert from the internal IP of the VPN client instead of the External/WAN).. There was a rule in place that allows All Outbound from VPN/Internal to Internal/VPN but I haven't touched it yet.

So is the IP Spoofing warning one I can disregard or is there something I need to do in ISA? .. or is it that ISA is detecting there is no route set up in the routing table to my VPN clients through 192.168.100.109?

This is probably something really simple.. but I'm still learning (on chapter 9).. or something.

Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Industry
www.MENSE.ca <http://www.mense.ca/>
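
Added example, not part of the original post: a Python sketch that decodes the raw bytes logged with the two denied records above, verifies the IPv4 header checksum, and reads the UDP ports, so the addresses in each dropped packet can be compared with the log columns and the RRAS pool. The function names are illustrative, and it assumes the logged hex starts with the IPv4 header followed by the first bytes of the payload.

```python
import ipaddress
import struct

# Hex copied from the two denied records in the post.
RECORDS = {
    "netbios": "45 00 00 60 ea 7f 00 00 80 11 06 4b c0 a8 64 67 c0 a8 64 0a "
               "00 89 00 89 00 4c 6e e6 8d 0b 79 00 00 01 00 ff 00 00 00 01",
    "dns": "45 00 00 38 ea b5 00 00 80 11 06 3d c0 a8 64 67 c0 a8 64 0a "
           "70 29 00 35 00 24 80 f5 bc e3 01 00 00 01 00 00 00 00 00 00",
}
# RRAS/DHCP pool stated in the post.
POOL = (ipaddress.IPv4Address("192.168.100.100"),
        ipaddress.IPv4Address("192.168.100.109"))


def checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (one's complement, 16-bit words) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(hex_dump: str) -> dict:
    """Decode the IPv4 header (and UDP ports, if present) from a logged dump."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("truncated IPv4 header")
    src = ipaddress.IPv4Address(raw[12:16])
    out = {
        "total_len": struct.unpack("!H", raw[2:4])[0],
        "ttl": raw[8],
        "proto": raw[9],
        "src": str(src),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
        "checksum_ok": checksum_ok(raw[:ihl]),
        "src_in_vpn_pool": POOL[0] <= src <= POOL[1],
    }
    if out["proto"] == 17 and len(raw) >= ihl + 8:  # UDP header follows
        out["sport"], out["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return out


if __name__ == "__main__":
    for name, dump in RECORDS.items():
        print(name, decode(dump))
```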