I know what you mean, I was looking at that article when trying to design my network, and mine ended up being much more complex. Jim, you should do an update of that article to show multiple Internal NICs also. ________________________________ From: Paul Crisp [mailto:pcrisp@xxxxxxxxxxxxxxxxx] Sent: Monday, February 07, 2005 09:19 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router http://www.ISAserver.org thanks for the reply Jim. I have looked at the complex network setup and ours config is even more complex !! At the moment, i'm trying to ping from a client that is on the same subnet as one of our ISA firewalls (this is the one that i am testing ipsec on). Basically we have three offices all with leased line connections to them to give a triangulated setup. From there, two of the offces have 1x leased line connection (each office) to our ISP. At the moment, the office that i'm located in we have ISA 2000 and in the other office we have ISA 2000 on the live network and ISA 2004 on our testing network. Between the offices we have routers (obviously) and each offices clients default gateway is setup to be the router as we have a lot of cross traffic. Where ISA 2004 is (office A) i want to be able to ping from client in office A across the IPSec VPN to the remote locations internal machines. Are you saying that i would have to switch all of my clients to point to their local ISA server as a default gateway for any of this to work ? Paul