Here is my network setup: Internet | | Cisco Router --------------------------------------------------------------------- | | | | | 192.168.0.0/16 | ISA 2000 ----------------------------------------------------------Netscreen VPN gateway box | 10.10.10.1 (internal NIC) | Internal network (private) The second external ISA NIC connecting netscreen: IP: 192.168.0.1 Mask: 255.255.0.0 Gateway: <nothing> DNS: <nothing> Default Gateway is configured on the NIC that connects to CISCO router. IP:203.x.x.x mask:255.255.255.0 Gateway: 203.x.x.1 Netscreen interface connecting to ISA is 198.168.0.47 My LAT only has 10.10.10.1 - 10.10.10.254 I have a static route in ISA's routing table for the customer?s site as follows: IP: 168.x.x.x <--> Mask: 255.255.255.255 <--> gateway: 192.168.0.47 <--> Interface: 192.168.0.1 With this setup, I am getting the spoof attack warning in the event log. Went over a KB article, but couldn't understand why this setup would be a problem. Other than that, my VPN connection works fine. Also, is it safe to assume that if I don't have the 192.168.0.1 - 192.168.0.254 range in LAT, ISA considers it as external network and applies all policies and rules as any other traffic from internet connection? (Want to make sure that it doesn't simply NAT) Thanks for your help! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com