Hi there again,

As a continuation of the stuff we're doing here, I've been trying to get our ISA2004 server to be a VPN gateway.

Internet
|
Netgear 834 ADSL router (NAT'd)
|
ISA2004
|
LAN

That's the basic setup for the incoming connections. Initially we were connected via a leased line and Cisco router rather than a NAT ADSL router. The router has the PPTP port open on it.

I followed through the steps on the ISA VPN page to enable the VPN, I created a Windows user group for the VPN users, I put an incoming PPTP server protocol filter in place and created a subsequent outgoing VPN user filter. The VPN was set to provide an IP from the DHCP server on the internal network (192.168.blah), which the ISA server's internal NIC was linked to. For the client setup the wizard was followed, with IP set to DHCP. A custom LMHOSTS file was created to mirror mail servers etc. and imported on the VPN connection.

We have approx 100 LAN users and are wanting to support up to 5 VPN users at any one time.

What I originally found on the leased line was that when the clients connected they would get a good connection about 2 out of 3 times: the connection would successfully be assigned an IP, it'd allow pinging of IPs and all resources would be accessible (internal email server, SharePoint server etc.). When the connection was no good, although it'd be assigned an IP, all connectivity to the LAN would not happen, no pings or nowt.

Once we moved our ISP from the leased line to the ADSL router, and having to add a periphery network element for the new NAT network (realip - netgear - 10.15 network - 192.168 internal network), when the VPN client systems reconnected they'd authenticate fine, log onto the network and get an IP, but no resources were accessible. The ISA was responding slowly to pings on the VPN's IP, and after 5 minutes of any client being connected to the VPN all LAN users gradually began experiencing 'Error Code: 403 Forbidden.' messages when attempting to browse the web.

The performance graphs show that the server isn't actually cutting connections, as a lot of users can still use the net for a period of time, but if left alone it does eventually affect every user who tries to connect. Once this has happened, all the ISA services need to be restarted to allow the server to perform normally. No errors are reported in the log files.

There has been at least 1 successful VPN connection on the ADSL line, but this also resulted in the 5 minute limitation.

I'm at a loss as to why it seemingly worked fine on the leased line but seems to actually affect the LAN use on the ADSL line.

Any help you can supply would be much appreciated.

Paul Noble