Hi Jim, I know it came out wrong in the explaination, and sorry for the repeated statement. The reason why I ask this question was that I visited this March at the Fairmont Royal York in Toronto, Ontario and the Hilton in the subburbs (no, I don't have SARS). They had thier internet serviced by Cisco, in each room. a small cisco router (this was at the Fairmont, I forgot what model it was, but the Hilton just provided cat5 cable) but once connected to it, you are automatically connected to a webpage (this is the hotel's service aggrement and internet access choices). You have a choice to either be behind a firewall with a private ip or a public ip with no firewall protection. I thought this was a good idea to provide such a service and delegate the two types of configurations to the guest and contractors with no administration needed but I don't quite understand how this can be done? Is this a good practice or not? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, May 28, 2003 9:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Design Question: Best Practice http://www.ISAserver.org The required lack of tasking makes this impossible. Are you sure you're not willing to do something besides wiggle your nose? ;-) Two relatively simple options: 1. give them a VLAN on your external switch and tell them that they're completely exposed. 2. hand each one of them their assigned IP settings via script and use Client Address Sets. Also, make sure your routers know that these IPs can only see a path to ISA and DNS (so they can find ISA). Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.