Hello, I just set up my ISA Server for inbound VPN calls, as per http://www.isaserver.org/tutorials/Configuring_ISA_Server_For_Inbound_VP N_Calls.html. Everything works but my concern is security. All anyone need do is guess an authentic domain username/password and they are "in". Not even the domain name is necessary. Is there a way to secure this authentication? Thanks. Mark