-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:47 PM 4/3/2002, you wrote: >http://www.ISAserver.org > > >We would like to give our users access to our internal Terminal Server >Cluster from the internet. > >We would like to authenticate the users at the firewall before allowing >the connection to port 3389 to go through to the published Terminal >Server. Not exactly the answer you were looking for, but I would suggest you require access via VPN. That way, you can get the authentication you want, and 'double' encrypt the channel. If you know the IP's of the users that you will be giving access to, you could also leave the model as you have it and limit the IP's that can publish to the internal TS cluster... hth AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPKuCJIhsmyD15h5gEQJ+ZwCgoT5QVbo8+uk50PNFTsBXePH3XLYAoPSv 1vSI0nm7S74WXUeDMabJaE2H =otmR -----END PGP SIGNATURE-----