Hi all, Having an aventail box installed today and so far I have created a web publishing rule using SSL and all is working ok. I now have a problem in terms of one of the clients on the Aventail system, its called the OnDemand Agent. Basically internally any machine that accesses the Aventail box, the OnDemand Agent works fine. Externally however is where the problems occur. I have monitored the traffic coming through the ISA and when the Agent fails to load the following lines appear in the ISA logs: Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type 3/20/2006 2:01:53 PM <secondary firewall external IP> 443 HTTPS Denied Connection 139.92.218.116 External Local Host - - 139.92.218.116 <firewall name> - TCP - No - <primary firewall external IP> 45 00 00 28 65 60 00 00 79 06 18 b5 8b 5c da 74 c3 9d 9a 4c 08 92 01 bb ee ad d8 ab ee ad d8 ab 50 04 00 00 53 25 00 00 2194 0 0 0 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0 Firewall Sorry if above is a bit messy. To explain my setup, my external network card has multiple external IP addresses, but I am only publishing on one of the external IP's. If anyone can give me any clues, your help is much appreciated Thanks Paul Crisp Snr Network Support Analyst