Hi there Instead of posing my problem scenario, let me just ask the following: (All IP Addresses have been changed to protect the innocent) If I have an internal network using a Public Address range 123.123.x.x and I have my ISA Server accepting VPN connections on the ISA's external Interface 200.123.200.123 and I tell RRAS to assign IP Addresses to VPN Clients from a Pool of addresses setup within RRAS 123.123.123.1 - 123.123.123.255 Will this cause a problem on my ISA Firewall? As I have it, my ISA should get confused about where to send VPN traffic and then where to send normal Internal LAN traffic? But that is not the problem, my VPN connections work like a charm. The problem is that when I connect via VPN I get many ISA Alerts such as: - ISA Server detected a change in the IP routing table of the computer. - ISA Server detected a change in the IP addresses of the computer. - ISA Server detected that network interface card (NIC) WAN (PPP/SLIP) Interface, with IP address 123.123.123.1, was disabled. - Microsoft Firewall failed. The failure occurred during Initialization of reverse Network Address Translation (NAT). (This message appears for each Server Publishing rule that I have) And when this happens, all of my other outbound Firewall Connections fail. E.g. All Server Publishing, SMTP Mail, Outbound SAP links. All Web Proxy connections work like a charm, it just appears that the Firewall Service has got a bit stuck. To resolve this I need to restart ALL ISA Services, not just the Firewall Service. Can someone perhaps conclude whether the IP Addressing that I am using could be the major cause of my problems? The thing is I can only test again after hours so I am just trying to get my bag of tricks filled with some ideas from you guys before I tackle the problem later. Cheers William R.