Thanks for the responses. I do think they are using source-IP validation, and I have tried to make them understand it may be part of the problem. I didn't really think that the problem was with the ISA firewall, but was wondering if anyone else had run into it. The problem comes and goes, and I continue to work with the state's IT staff. I think it is their firewall, but can't prove it to them yet. Thanks again. Chris From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, August 08, 2007 9:16 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Anyone with experience getting F5 Network's Firepass to work through ISA 2004 Ask if they use source-IP to validate the user connection. Many banking sites still do this, even though it's invalid. Because the connection uses an SSL tunnel through ISA, all ISA knows is that the connection is made & broken. You'll have to work with them live to sort this out. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Addicks Sent: Tuesday, August 07, 2007 11:23 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Anyone with experience getting F5 Network's Firepass to work through ISA 2004 I have internal clients that need to access the state of Georgia's secure site via a SSL-VPN. The state has chosen to use F5 Network's Firepass product to create a SSL-VPN. The tunnel seems to be created OK, but communications with the host via the tunnel is very inconsistent. I have been trying to work with the state's support personnel and they have tried to help, but so far we have had very poor results. At this point, I don't know if the problem is on their end or mine. I created a rule allowing HTTP and HTTPS from my internal network to their specific hosts, with all users allowed. The logs indicate the tunnel is established, but it is closed almost immediately. I have attached a sample of the log, all this activity is from a single internal client computer trying to establish and use the SSL-VPN. Anyone else working with Firepass and having success? Chris All mail to and from this domain is GFI-scanned.