The OWA rule and destination set were created by the OWA wizard. The internal company Active Directory name is companyname.LOCAL. The external DNS name is servername.companyname.COM. The Action Tab has servername.companyname.com. The destination sets have servername.companyname.COM as I said automatically created. There is a host entry on the Firewall server pointing servername.companyname.COM to the internal IP address which is on the exchange server (also a Domain controller) All this is without SSL as I just want to see it working first!!! Also my second question was why when using the default set of packet filters does ISA block any attempt to access IIS. So when I disable (actually I enable all protcols) it works? Shouldnt the publishing rule take care of this? I dont want to place and port 80 rule on the packet filters.