I would like to views of the list regarding this setup. We are installing broadband links into our network from employees houses to enable home working, all addressing used is private based on the 10.0.0.0 network. I want these PCs to use the internal DNS but only access a selection of hosts based on source ip address, each station will be given an static ip by dhcp using mac addresses. The services range from exchange (including calendars etc), some using custom ports like 1351 1356 and plain telnet (23). The homeworkers network would be classed as "internal" by the isa server and rest of the "internal" network will by classed as external for LAT. This senario would be quite easy using fw1 but I been told to use microsofts ISA server. The client will be using SNAT not FWCLIENT. Comments please.