Since you want ISA to treat the RRAS server as the upstream device, you'll have to change your network a bit. You'll be creating a perimeter network between ISA and the RRAS box, since they share a common network - the LAT. Add a NIC to the RRAS box and give it a whole new RFC-1918 subnet. Change the ISA external subnet to match the new RRAS subnet and connect them together. Use the RRAS IP as the ISA default gateway. What your internal clietns will do is to use the ISA as their defult route and then that traffic will be passed to the RRAS box for distribution. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 17 Dec 2003 20:51:23 +0530 Risun Antony <risuna@xxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Jim I just have the Routing enabled on the ISA. You mean my private Lan card on the ISA box must have a default gateway, and that should be the IP address of the RRAS box? Thanx in advance. Risun Antony From: Jim Harrison Sent: Wed 12/17/2003 8:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA, VPN and Routing! http://www.ISAserver.org You say you "have routing enabled" on the ISA. Does this mean that the RRAS server is the ISA default gateway, or have you just enabled IP routing in ISA? ISA must use the RRAS box as the default gateway to the Internet if it's to route properly. Your ISA ISAInfo (http://isatools.org/isainfo.1.9.5.zip) and the RRAS box ipconfig/all output will be very useful. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 17 Dec 2003 16:49:17 +0530 Risun Antony <risuna@xxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi All, I have a specific requirement and would like to know if this is practically possible and if so some guide lines. I have deployed an ISA box with a lot of help from the Guides and Articles posted here.All my internal network exists behind this box. Now i have two Internet Service Providers. I also have a remote site to which i require VPN connectivity. This is configured using a windows 2000 server and placed out side the ISA box. This box, which i will call the VPN box, has multiple NIC cards. One of the NIC's is used for local lan, one each for my two ISP's. My ISA box also has Routing enabled to direct all requests to my VPN box. My requirement is to be able to provide routing functionality on this server, such that i can selectively pass traffic through my ISP's. This i am able to do well enough on the VPN box. But my clients having a gateway to my ISA box, are in no position to take advantage of this routing. For eg: If i do a tracert for http://www.hotmail.com/ from my VPN box, it does find the target. But when i do the same from one of my client machines behind the ISA, it finds till the VPN box and then drops all packets destined to the internet. But the packets to my remote network get routed to the VPN correctly. Thanx in advance. Risun Antony ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: risuna@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')