Hi Elvin, Here are some issues that pop immediately to mind: 1. your packet filter will not affect internal host traffic; you need protocol rules for them 2. even then, the packet filter is defined incorrectly; it should be remote port 80, not 25 3. you've applied an internal IP to a packet filter; it won't work as described in #1 If you want this to work, you'll have to: 1. apply the client address set to an "Allow" HTTP protocol rule 2. make the IP-A client a secureNAT or Firewall client 3. set the HTTP redirector to forward web requests directly Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Elvin Chong" <elvin.chong@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, April 10, 2002 12:54 AM Subject: [isalist] Help!! Authentication Question?? http://www.ISAserver.org I'm fresh in ISA please help me solve the below problem. Currently i set the Outgoing web request to Basic and Integrated mode and checked Ask Anauthenticated user for identification. The LAT is set properly for all the internal IP address range. The Question is: I create one client set for this particular IP Adress A and set the protocol rules to allow All Protocol for this IP Addr A and create IP packet filters for Allow outbound request to HTTP (setting: Filter type tab->Custom->TCP->Direction=outbound->local port=Dynamic->remote port=fixed->remote port number=25 and local computer addr=IP Addr A)for this IP Addr A. When this client does not set any proxy setting(include automatic proxy setting is unchecked) for its IE5 and above version, thus it allow to access the internet?? Any idea to avoid pass through the authentication and allow access to the web site? When i does not set the proxy setting, the IE5 will display err 407-forbidden. Thanks! ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')