Hello, My network is configured like this: My ISA is Win 2000 adv.server NO A/D SP2. ISA is SP1. I have the internet, the firewall and then the local network (10.10.20.X). FTP access filter is enable. I put a Protocol rule with the FTP(protocol defined by ISA) allowing all people in the local network to access any FTP site. The Ip packet filtering is enabled but nothing is blocked. The ISA server got 4 IP on the same network card: 205.237.46.254, 205.237.46.227, 205.237.46.228, 205.237.46.240. (I think that the trouble is here...) The default external IP is 205.237.46.254 When a internal client (SecureNAT) is going on a FTP server on the internet and the PASSIVE TRANSFERS are enabled, they can connect, upload, change directory, ... but they CAN'T download anything. I checked the log of ISA and look what it did !!! It changes IP. Like if my ISA, when doing is NAT, wasn't putting the default external IP as source IP. So when the FTP server tried to send the file, it blocked... (FTP TRANSFER ENABLED IN WS_FTP95 LE) 2002-04-08 20:48:07 205.237.46.254 207.253.225.130 Tcp 11292 21 ALLOWED 2002-04-08 20:48:07 207.253.225.130 205.237.46.254 Tcp 21 11292 ALLOWED 2002-04-08 20:48:07 207.253.225.130 205.237.46.240 Tcp 1230 11295 ALLOWED 2002-04-08 20:48:07 207.253.225.130 205.237.46.240 Tcp 1230 11295 ALLOWED I tried to remove all IP but not 205.237.46.254 of my server's network card and it worked perfectly. Any patchs ? Métek Demers Administrateur réseau MCSE NT 4.0 Courriel: support@xxxxxxxxxxx Collège d'affaires Ellis Téléphone: 819-477-3113 Sans frais: 1-800-869-3113 Site Web: http://www.ellis.qc.ca