Thanks, I had suspected something like that. I even disabled the FWC at one point, but it didn't seem to make a difference. Does it have to be completely uninstalled to disable it? I remember a problem like that with the Proxy2 client. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, March 30, 2005 15:34 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Cisco VPN Client http://www.ISAserver.org Hi Dan, This is normal for FWC apps. A1 - both the FWC and the Cisco VPN client are Winsock Layered Service Providers (herein referred to as 'LSP'). What LSPs do is accept traffic passed to Winsock and "do their thing with it", each in their turn as registered in the Winsock catalog. In the case of FWC and CVC, they redirect the traffic to the destination they deem appropriate *if they get the traffic to begin with*. Since the FWC: 1. is registered first in the Winsock catalog 2. the traffic is for a non-local subnet 2. has no policy stating otherwise ..it directs the SQL traffic to the ISA for further processing. Thus, the CVC never sees the traffic. A2 - use the ISA logs, Luke - query for SQL traffic from that client. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------------------