we have ISA 2004 at our Head office and the clients are just setup use web proxy . we have stores all over Australia and New Zealand. When they are trying to get to GE Credit line which is https://merchant.gemoney.com.au/eClassAus.nsf/msgs?OpenformHPPS some of them are getting the popup for windows logon. they are not part of the domain. They have a Cisco router at each shop which is setup to VPN back to the Head office. If we change the rule to allow access to all sites then the popup goes away. We have the same local users setup at the shop as we do on the ISA computer