Hi Eric, Those doctors certianly can be a pain ;-) I'm not clear why split tunnel would be a problem in this situation. Who are the VPN clients and where are they located? Are they located behind a firewall under your administrator control? Thanks! Tom -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Thursday, December 04, 2003 12:31 PM To: [ISAserver.org Discussion List] Subject: [isalist] Split Tunneling http://www.ISAserver.org Ok, I've been researching this quite a bit, but am having trouble convincing my superiors that this is a bad idea. We have a university that wants to have an always on vpn tunnel (access to their inside and to the internet at the same time) from us to them to allow doctors to access their internal web library. I've already setup ISA to talk to their squid to allow authentication requests to pass, so I don't see the need and think it would be a huge hindrance to our corporation to allow this tunnel to exist. I've ran out of ammo and would appreciate anyone's thoughts and suggestions. (final note, they want this to occur via cisco vpn concentrators on both ends. So instead of a single workstation being able to connect, all 3000 pc's would have the ability) _______________________________________________ Eric Poole IS Security Analyst Community Medical Centers 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax)