The answer is: - it depends... Case 1 - the FWC is configured to "automatically detect": the FWC will seek out the ISA it last knew of and if that fails, it will try auto-detection (wpad). If that also fails, FWC will self-disable, but retry every so often. This leaves the WFC host acting as a SecureNET client. Case 2 - the FWC is configured to use a specific ISA: the FWC will attempt to contact that ISA and if this fails, will block non-local-subnet Winsock traffic completely. What this boils down to is if your cross-VPN name resolution sucks, so will the client experience. -----Original Message----- From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] Sent: Friday, January 28, 2005 2:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] Firewall client with vpn http://www.ISAserver.org Howdy Hypothetical question posed to me before! If a client has a laptop and has the firewall client installed and is primarily a VPN user, if he/she/it returns home and wishes to jump on their home net connection, will the firewall client have to be disabled. Moreover, if the ip addresses have changed on his laptop, will the firewall client just 'barf' and they will be able to connect without disabling the firewall client. I don't have the means to test it right now so I guess I need some help :) Thanks Greg ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.