The plot thickens: Here is the config: From my desktop via ISA via Checkpoint on to the internet to a remote ISA publishing 4 separate OWA, several IIS5 web servers requiring authentication. I have two XP machines. 1) They can both access everything when I untick to use the internal ISA in IE6 and go via the Checkpoint - cool! 2) If I tick to go via the proxy, access to anonymous pages works just fine - from both machines. Here is when is gets weird: From the desktop, as soon as I try and access something requiring credentials, it fails without prompting me and says For IIS5 web folders 'access denied due to ACL on resource', for OWA is just says 'Access Denied' top left (doesn't look like a IIS error page) From the laptop going through the same proxy, accessing the same sites, using the same credentials - I get prompted and can access the resource !!! Help!!!! Tom. http://www.ISAserver.org Hi Tom, The problem is that the Internal ISA Server needs to be be configured in such a way that the ip packet reaching to the checkpoint firewall needs to be allowed to go out and connect to the other isa server. make a policy in such a way that the local isa server is configured for all ports(i.e., all ports needs to be open) and then check out. else if this scenario is not working then remove the isa server in your local network and then use it. The main problem is the authentication of the packet coming from internal network to the local isa server and then to the check point firewall. Regards Venkata Ramana -----Original Message----- From: Tom Soulsby [mailto:tom@xxxxxxxxxxxxx] Sent: Wednesday, April 10, 2002 4:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA to ISA Authentication conundrums http://www.ISAserver.org Hi guys, Can anyone suggest the 'best' configuration for ISA to ISA authentication ? Here is the issue: From my desktop via ISA via Checkpoint on to the internet to a remote ISA publishing OWA, doesn't work I get access denied ? Same for access webfolders, anything that requires authentication. Access is via standard HTTP. Same path as above but remove ISA, it works just fine which suggest the remote ISA/OWA is configured correctly. Desktop via Checkpoint via Remote ISA to OWA/Etc. - Works OK!! These issues only appear when it's ISA to ISA - any suggestions appreciated. Tom. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ramana_suggula@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ************************************************************************** This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated. ************************************************************************** ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tom@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')