Joseph, Destination sets you need because of following : Let's say your ISA-server is known on the net as 'ISA.yourdomain.com', and you have 2 internal webservers (one named 'admin' 192.168.0.2 and the other 'intra' 192.168.0.3). To have the external request redirected correctly, you need to understand what happens. First of all ISA looks at the arguments which are in the headers of the request. (f.i. http://isa.yourdomain.com/admin/index.html). You will have to tell ISA that /admin/index.html has to be tranferred to the admin-server on your internal network. The other request (f.i. http://isa.yourdomain.com/intra/index.html) has to be transferred to your intra-webserver on your internal network. This is done by defining destination sets. So the first set would be : 'admin-rule': isa.yourdomain.com/admin --> /admin/*, 'intra-rule': isa.yourdomain.com/intra --> /intra/*. Now you will have to make entries into the publishing rules. For the first rule to work, you will have to tell ISA to redirect the requests with the 'admin-rule'. This is done by specifiing a new web-publishing rule: 'admin-publish': destination= 'admin-rule', action= redirect to 192.168.0.2, bridging= default, applies to= users & group (to protect it). The second rule looks the same: 'intra-publish': destination= 'intra-rule', action= redirect to 192.168.0.3, bridging= default, applies to= all requests. But now there is something tricky. Let's say that the request is http://isa.yourdomain.com/admin/intra.html. ISA will redirect the request following the above rules, so it will redirect it to 192.168.0.2. OK so far ! But the request will look like this : http://192.168.0.2/admin/index.html! Notice the .../admin/... part! This means that documents places in the root of 192.168.0.2 can't be accessed! I haven't sorted this out (yet) ;-) but it works fine. I hope this explained the existance of destination-sets ? Have a great day. Frederik