Good Morning Risun - I read your post a couple of times, I think I understand your setup, you have ISA as your Firewall, Web Proxy, you have another server running RRAS that connects both of your ISP accounts and establishes VPN tunnels to your branch offices, you are having trouble accessing the Internet from your internal private computers? Are we close? if this is correct, I think I would rearrange it a bit. I think I might do it this way, have your RRAS server span your internal net with your public IP address range, build yourself an Edge Router on your Private network so you can control routes coming from your Internal network and use this internal router as your private network's default gateway, your RRAS server will be used to connect your VPN tunnels to your branch offices and use your ISA server for your Firewall and Web Proxy services. Perhaps I may not have interpreted your explanation correctly, could you provide some more detail. -----Original Message----- From: Risun Antony [mailto:risuna@xxxxxxxxxxxxx] Sent: Wednesday, December 17, 2003 6:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA, VPN and Routing! http://www.ISAserver.org Hi All, I have a specific requirement and would like to know if this is practically possible and if so some guide lines. I have deployed an ISA box with a lot of help from the Guides and Articles posted here.All my internal network exists behind this box. Now i have two Internet Service Providers. I also have a remote site to which i require VPN connectivity. This is configured using a windows 2000 server and placed out side the ISA box. This box, which i will call the VPN box, has multiple NIC cards. One of the NIC's is used for local lan, one each for my two ISP's. My ISA box also has Routing enabled to direct all requests to my VPN box. My requirement is to be able to provide routing functionality on this server, such that i can selectively pass traffic through my ISP's. This i am able to do well enough on the VPN box. But my clients having a gateway to my ISA box, are in no position to take advantage of this routing. For eg: If i do a tracert for http://www.hotmail.com/ <http://www.hotmail.com/> from my VPN box, it does find the target. But when i do the same from one of my client machines behind the ISA, it finds till the VPN box and then drops all packets destined to the internet. But the packets to my remote network get routed to the VPN correctly. Thanx in advance. Risun Antony ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')