Ok here is the scenario. 1. Internal Network is all running with IPSec. 2. Trying to setup ISA to act as firewall for the network 3. ISA is installed on a server with IPSec enabled on the NICs The question I have is this all possible? Or is there something I am over looking here. Now I have set up a simulation of all this in my lab for testing. There is an AD with 5 workstations, an ISA server with 3 workstations with IIS running on the other side of the ISA. I have enable IPSec on all machines on the inside of the network like we want, and no IPSec on the machines simulating the Internet. Suggestions are always welcomed. Lewis Brewer