You have three options: 1. establish user authentication for each restricted page on each web server (real or virtual). 2. set up destination sets for each internal web site that you want authenticated, create web publishing rules that use those destination sets and use the "applies to" tab to limit access on a per-user/group basis. 3. do both Between ISA requiring user authentication and each web server also requiring user authentication, you'll be secure internally as well as externally. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Vinaykumar G" <G.Vinay@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, January 03, 2002 02:44 Subject: [isalist] Web pages http://www.ISAserver.org Hi all, I need a small help from all of you. I have installed ISA server in Firewall mode and have enabled web publishing which is working pretty fine. The webserver is NT 4.0 IIS which is being published by ISA server using Web publishing rule. Since we need to maintain security we have enabled authentication before accesing the web page using ASK authentication for users in ISA. Now, Our webpage contains many departmental links like HR,Marketing and others, once the user is authenticated by the firewall every one can access all the links in the web page, we want to restrict the links in webpage using user authencation like user from Marketing dept. should be able to view the main page but should not access the HR link and like wise.. Can u please help me in this regard, is it possible to configure such thing in ISA. Please inform me. Regards, Vinay. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')