Hi Derek, When you use network monitor on the external interface of the ISA firewall/VPN server, do you see the incoming VPN connection? If not, it could be a DSL MTU/BH router issue. You can confirm this by connecting a client on the segment directly connected to the external interface and trying a VPN connection from there. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Derek Taylor [mailto:d.taylor@xxxxxxxxxxxxxx] Sent: Tuesday, February 10, 2004 9:49 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: 403 forbidden & Client VPN http://www.ISAserver.org No I'm using static addressing on both interfaces. No dial-up is involved. The server is connected to the internet via a 4Mb pipe and the client connects to the internet via ADSL. One thing that did occur to me is whether I should be connecting to the ISA server or through it (to another server) with the VPN. Also, I recently noticed that when the incoming web requests are presented with the 403 error, clients coming in to OWA and our intranet server can get through. There are three different servers (aside from ISA) involved here - OWA and SMTP on one server, web site on another and intranet on another. I realise that I might not have made this look very clear so I hope you can pick through it. Thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')