Hi Glenn, I think where I was misinterpreting things was that I thought you mentioned controlling by IP address when TS is listening on the INTERNAL interface. When you create a packet filter on the external interface, or even when you create a Server Publishing Rule that allows inbound access, you can control the source IP address that connects, and that is a good security policy, since it deals with dictionary, brute force, and other unplesant attacks :-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Thursday, September 18, 2003 1:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA server cannot connect to Internet http://www.ISAserver.org Thank you Tom, I stand corrected or at least over looked the Packet Filtering, the reason why TS was not responding on my Public Interface because I did in fact have Packet Filtering enabled because I do have established L2TP Tunnels between other ISA servers .. as far as locking down to specific IP addresses, could you not create a custom packet filter specifying addresses for TS services ? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 17, 2003 7:31 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA server cannot connect to Internet http://www.ISAserver.org Hi Glenn, Terminal services, by default, listens on all interfaces. If packet filtering is enabled, then the external interface won't accept incoming RDP connection requests. However, if you publish terminal services, then you need to configure the TS to listen only on the internal interface. In that case, there is no mechanism that I'm aware of that allows you to control what IP address can connect; however, that's a none issue because you have to authenticate to connect. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp