Here's the main reason. I have 30 web servers. I would like to use web publishing to consolidate them into one virtual web server. I don't want to use web proxying or have a split DNS. I don't want to have to change anything on the end-users machines. I have better things to do the convince 500+ users that if they want to look at my department's web server they need to use an internal address when they are at work and an external address when they are elsewhere. However due to anti-spoofing which I think should be configurable I can't do this. Instead I have to screw around with proxying which means modifying hundreds of machines rather than just one (the ISA server). Having worked with other firewall products I can not understand what possessed Microsoft to make Antispoofing non-configurable. Bill -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Saturday, December 15, 2001 5:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Why can't internal clients access a published TCP server? http://www.ISAserver.org This may be a dumbass question, but, why would anyone want to access an internal server via the internet side of ISA. Steve Steve Moffat Senior Support Analyst Optimum Computer Solutions Tel : +44(0)141 570 1283 Fax :+44(0)141 584 9479 Mobile : 07711 074 605 <http://optimum.mine.nu/> http://www.optimum.mine.nu <mailto:steve@xxxxxxxxxxxxxxx> steve@xxxxxxxxxxxxxxx