Challenge: ISA 2004 VPN client is unable to connect to additional ( 172.16.0.0/16) network via LAN (192.168.0.2/24) default gateway supplied by LAN DHCP server. ISA Internal NIC: 192.168.0.250 ISA External NIC: 123.123.123.123 (i.e Public IP) Default Gateway IP on LAN: 192.168.0.2 Router IP connected to 172.16.0.0 Network: 192.168.0.3 (static route on DGW for 172.16.0.0 network points to this router) DHCP supplied VPN client: IP: 192.168.0.150 Default Gateway: <same as above> VPN client pings 172.16.0.10 IP, result is request timed out. Traceroute times out with unlabeled (*) network hops. VPN firewall policy permits All Outbound from VPN Clients to All Protected Networks. I am thinking I should create a new Network definition and update the policy and/or ensure the new network is included in the All Protected Networks definition. I am reviewing <http://www.isaserver.org/articles/2004netinnet.html> and < http://blogs.technet.com/sbs/archive/2007/11/29/network-behind-a-network.aspx>, trying to figure out what options or what would be the best practice on how to configure ISA and/or the network to accommodate this requirement? Thank you for your assistance.