Yes, it's true (I'm beginning to think that ISA and VPN don't play well...). So, imagine this scenario: ISA SERVER ---------- -SP1 -Integrated mode -PPTP through ISA firewall allowed -Site and Content Rule that requires authentications for all destinations -The Web Proxy is not configured to ask for authentication CLIENTS ------- -Simultaneously SecureNAT/Firewall/Web Proxy -IE 6.0 SP1 Everything works well when clients are browsing the net, BUT... When a client makes a VPN connection, he (she) is still able to make Terminal Services connections to the outside, do DNS resolutions, etc (the protocol rules are OK, so I think there's nothing wrong with the Firewall Service). The problem is that browsing with IE is no longer allowed. The ISA Server comes up with this message: The page cannot be displayed [...] 403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server I already tried to look at the logs and I can't see anything wrong. I even used a network sniffer, but with no results. What is going wrong here? Txs.