The 192.168.2.102 address is being seen by the ISA external interface, so you have one of two things happening here:

1. your ISP is using that address space between you and their actual Internet access (possible)
2. someone is spoofing their source IP and is getting past your ISP routers (also possible)

Either way, ISA is doing the right thing and telling them to bugger off.

As far as the UDP-137 for AIM, that's name resolution fun (one of my favorite subjects). Two scenarios come to mind here:

1. AIM on a FW client
2. AIM on the ISA itself

The common thread here is that the ISA server is likely to be the name resolver in both cases.

Let's say that AIM asks for a TCP connection to 123.123.123.123. By default, ISA will try to resolve that IP to a real name so that it can compare it to any existing S&C rules (which are name-based). Since ISA uses existing W2K DNS functionality, the ISA IP configuration on each interface becomes critically important. If DNS functionality fails to provide a name, then you'll get NB entries in your log when W2K is forced to "dumb down" to WINS and NB name broadcasts.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Mark Strangways" <strangconst@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, March 17, 2002 6:39 AM
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org

> I have no 192.168.x.x addresses in my network, only 10.x.x.x...
> Not sure where it came from. 192.168.xxx.xxx is meant for private address,
> correct?
>
> regards
>
> ----- Original Message -----
> From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Sunday, March 17, 2002 9:28 AM
> Subject: [isalist] Re: Using applications on server
>
>