I guess it all depends on how you have your networks setup (which is what prompted my other discussion). Sorry, I had deleted all the previous messages, so I don't remember the details. To summarize it, If you have one internal network NIC in the ISA computer, and all of your subnets are behind it, you need to add those IP ranges into the ISA Network Configurations, and add a ROUTE command to make sure those ranges are going to the right NIC. Or, possibly, increase the subnet mask to make the subnets included. Okay, there is a "little more" to it than that, but that will summarize it. If you have more than one internal network NIC in your ISA computer, you have to do things differently. That is where I haven't found any articles referencing that setup, I had to do most of it trail and error. Which one do ya got? The "Firewall Policy" part is only if you want to have different settings for different subnets. If you want all of your Internal networks to use the same settings, then don't worry about it. ________________________________ From: Paul Crisp [mailto:pcrisp@xxxxxxxxxxxxxxxxx] Sent: Monday, February 07, 2005 14:59 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router http://www.ISAserver.org ok guys i thought i cracked it but now i'm slightly confused since reading Clints 'Network behind a network' document and also visited the discussion. In the document it states :- <-snip-> Can i now presume that i add my physically connected subnet to the 'Internal' network as well as my other subnets to the 'Internal' network, but i also create Subnet Objects for my other subnets and modify the Firewall Policy Access Rules to reflect these changes ? Sorry for being a dumb a$$ Paul