I have ISA installed on W2KS in firewall mode as a member of an NT4 domain with a public TCP/IP subnet. I have a non-routable subnet behind the ISA Server which is a W2K AD domain. I want users to have authenticated access to the Internet from SecureNAT clients and/or Web Proxy clients. So, I want a one way trust. The NT4 domain trusts the W2K AD domain. This way ISA will authenticate users in the the internal AD domain. BUT...... When I try to add the internal W2K domain to the trusted domains on the PDC it cannot find the internal W2K AD domain, either before or after ISA is installed. If I think about this, that is as I would expect. How would the NT4 PDC find the W2K AD domain? BUT... Page 93 of Configuring ISA Server 2000 actually refers to explicit one-way trusts between the ISA Server domain and each of the other individual domains. It also visualizes the situation in figure 2.5 SO.... What am I missing? Or.... Can this not be done when ISA Server is in an NT 40 domain? Thank you for your assistance in advance. Stephen D. Pidgeon