Dear Thomas, My name is jags, I would like to have your expert advice and guidance to overcome the problem I am facing. Scenario: 1) I am trying to setup ISA server 2004 with a hardware firewall (fortigate), the hardware firewall is connected to the internet ,the internal interface of the Hardware firewall and the external interface of the ISA server are on the same network. 2) We have a branch office connected to us using IPSEC tunneling to get connected to the internal network, The tunnel is between the branch office router and the our office router. 3) With the introduction of ISA server at our end( head office) between the hardware firewall and the internal network , we have a situation wherein the ipsec tunnel from the branch terminates in front of the ISA server , which obviously means the branch office cannot communicate to the internal network, Unless something is worked out. 4) I have tried changing the network relation ship between internal and external interface if ISA server to route from NAT to achieve some results as a result of which the internal web proxy clients of the ISA server cannot connect to the internet. 5) I have gone through your notes having 3 chapters at ISASERVER.ORG , Which provides a solution wherein I can create new network between perimeter network and the internal and keep a route relationship but really doesn't work I would like to have your suggestion if there is a way of getting the packets from the IPSEC tunnel clients to the internal network of the ISA server, or is publishing the assets of the firm the only option. Eagerly waiting for your response. _____ From: Thomas W Shinder [mailto:] Sent: Tuesday, August 14, 2007 8:04 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Microsoft Security Bulletin MS07-049 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) This is way we don't put Firewalls in VMs: Microsoft Security Bulletin MS07-049 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986): http://www.microsoft.com/technet/security/Bulletin/ms07-049.mspx <http://www.microsoft.com/technet/security/Bulletin/ms07-049.mspx>