Hi Vinay,

I am attempting to find the exact same answers you are, and this is what I have been told. Yes, you can use VPN to hit your internal network, but only under 2 scenarios:

1. Firewall is added to your internal network's domain.
2. You set up a back-to-back DMZ with ISA servers.

I don't like the idea of adding the firewall to the internal domain - scares the *&^% out of me - and I am not able to set up a back-to-back DMZ at this time to allow for a more robust approach to allowing users onto the internal network.

What I have been able to do so far is this, and trust me - it is not the way I want it, but it works.

1. Allow your remote users to VPN to the ISA Server, which is NOT part of your internal domain.
2. Once the user connects and authenticates to the ISA Server via VPN, he/she can now map to any machine internally by using the IP address of the machines (or use a WINS server to resolve IPs to NetBIOS names). When they make a hit on the internal machines, they will be prompted for username and password (if you are using Windows NT or higher clients) and they can log onto them that way.

This will work for simple file transfers etc., but if you need to connect to Exchange etc., then that's a different story and it is not a nice way to do it.

So you pretty much have 3 choices:

1. Add the ISA to the internal domain - VPN to ISA and you are authenticated to the internal domain.
2. Build a back-to-back DMZ of ISA servers - (if you have Tom Shinder's book - ISA Server 2000) it will give a brief explanation on how to do this.
3. Keep the ISA off the internal domain - allow users to VPN to the ISA Server and map to internal machines as described above.

That pretty much sums up your options. If I am wrong on my understanding of this - please someone let me know - but I need to accomplish the same thing and I am sure a lot of others need to also.
Later
Paul

-----Original Message-----
From: Vinaykumar G [mailto:G.Vinay@xxxxxxxxx]
Sent: Friday, January 04, 2002 2:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Access the Internal Network

http://www.ISAserver.org

Hi All,

We have ISA (integrated mode) on the edge of our network on a win2k as a standalone server. Web publishing, FTP and SQL are working fine. We have another requirement: some users will be on travel, and other users would like to access the internal network from their homes. Earlier they used to use RAS on an NT 4.0 PDC, but since the number of users is increasing we would like to implement another solution for this. Is VPN the solution, or some other way? I understand VPN would be used to connect from the main office to a branch office, but our scenario is something different, as users want to access the network from their homes and on travel.

Please advise as to what configurations have to be enabled on ISA to make this available.

Best Regards,
Vinay.