OK - I know the practice is bad... don't blame the tech here... I have two offices that purchased W2K3 and ISA 2004. Their intent is to have one domain with a VPN tunnel between the two offices with AD replication between the two servers. Both servers will do DNS, DHCP, SUS, and basic AD. I'm pulling my hair out trying to figure out how to do this with ISA 2004. I know this is the "preferred" way to do it in SBS (which I discouraged them from buying all together - as they'd only get one DC out of it). I have figured out how to get the DHCP to work (again - all these services are on the same ISA 2004 box) - but can't get the rest to work reliably. Any suggestions? Thanks, Shawn