First of all, is this list a place for newbies to get help or is it only for seasoned pro's? If newbies can obtain help via this list, then here's my scenario... I have a simple, single domain, single subnet W2K network. I have 6 servers total and various servers run DHCP, DNS, WINS, Exchange 2000, Proxy Server 2.0 SP-1, IIS-5, etc. I am trying to implement an ISA 2000 Server. This is a brand new box. It has two NICs, one internal and one connected to a Road Runner Cable Modem which assigned IPs via DHCP. I have both my NICs setup properly - following the tutorial on ISAserver.org I need to allow the following services to run through ISA: Internet User -> ISA Server -> FTP Server Internet User -> ISA Server -> WEB Server Internet User -> ISA Server -> OWA 2000 from Internal Exchange 2000 Server IIS-5 (Not using SSL, but requiring Windows Authentication Internet User VIA VPN -> ISA Server -> Internal Network share Access (and to use Terminal Server to access Servers) requires Windows Authentication Internet User VIA pcAnywhere -> ISA Server -> Access any host running pcAnywhere, including host on the ISA Server Exchange/POP3 software [an email gateway (connector) that retrieves messages from Internet POP3 email accounts (IMAP also supported) and delivers them to Exchange Server] software on ISA Server that goes out to our ISPs mail server, downloads all emails into our Exchange Server box -> ISA Server -> Internet (in order for this to work, all I need to do is to be able to successfully TELNET to our ISP mail server on port 110) DynIP needs to work (software that automatically tracks dynamic IP addresses assigned by our ISP, so we can act like we have a static IP) When I make a web connection into my internal web server, i get to use http://name.dynip.com/website instead of having to manually keep track of the ISP assigned IP number. Internal User running Outlook Express -> ISA Server -> SMTP/POP3 to Road Runner ISP on Internet Internal User running AOL Instant Messenger -> ISA Server -> Internet Internal User running Weatherbug - > ISA Server -> Internet Internal User running MS IE 6.0 SP-1 -> ISA Server -> Internet Internal User running MS Windows Media Player 9 -> ISA Server -> Internet Internal User running RealOne Player 10 -> ISA Server -> Internet Internal User running Listen Rhapsody 2.1 -> ISA Server -> Internet Ok, I know it's alot, but that is my task. When I installed ISA Server, I created and enabled a protocol rule so that only our internal INTERNET USERS could access the Internet using all protocols, at all times, the ALLOW ACCESS (Sites and Content) was already there. This worked fine. I could access the internet with my web proxy clients and firewall clients. I even setup the ISA server so that it could access the Internet - worked fine. I next tried to setup the Exchange/Pop3 software, by trying to Telnetting out, but it would not work. Sites and Content has the rule ALLOW ACCESS, and I already have a Protocol rule setup to allow all protocols, all the time. I could not Telnet. Then I setup a protocol rule for Telnet, and created an IP Packet Filter and opened port 23 both directions, on internal and remote. No luck. Then I tried to make ISA server wide-open (everything flows freely) and it worked. I have no idea how to correctly configure this with security. I have setup the DynIP software correctly - they had a tutorial on their website. I tried to publish my OWA web server, but I cannot access it from the outside world. I have not tried/tested the other things I need to get working. Currently EVERYTHING works on my Proxy 2.0 Server when connected to Road Runner cable modem. (I move the RR connection from my Proxy Server to the ISA server when testing.) I have looked all over ISAserver.org, read numerous books and web articles, but have yet to find out how to do all this. I really want to get rid of my Proxy Server 2.0 and OWA 5.5 server (which runs on the Proxy box). If anyone can help, please do so. I would GREATLY appreciate it. (ISA Server seems more trouble than it is worth right now.) TIA, -Tom