Hi Everyone, My network consists of a front-end and a back-end. Nothing is strange about that. Every machine in the front-end DMZ has two NICs, except for the DCs. Machines in the back-end need connectivity with AD. The ISA Server has one leg in the front-end DMZ and one in the back-end class a. Client machines in the back-end use NAT IPs (class c) from the Cisco PIX. How can I join a client machine to the Active Directory??? According to Microsoft (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q303503) you can achieve this by using VPN but that's sounds very sticky. Can it be done without VPN??? Regards, Michael Folin