Hi Don, When I have control over things (which is rare), I don't allow outbound VPN connections from the private network. Why? Because that client becomes a link between the remote network and my network. I have no control over the security policy on the remote network, and I don't know what this VPN client is transferring from their network to mine, and what its transferring from my network to theirs. ISA Server doesn't not examine communications going to a VPN link, so you have no idea what's going on. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Don McCall [mailto:DMcCall@xxxxxxxxxx] Sent: Thursday, March 27, 2003 6:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] PPTP through the ISA server http://www.ISAserver.org Hi, I have the ISA server set up to allow PPTP to the outside world. It works well as I often connect to my home network using this. We use DHCP here at work and we use the ISA to authenticate out going traffic. I have inadvertanly discovered that I can VPN out on ANY computer that is NOT a part of the Domain. While the security implications are relatively small there is an issue with bandwidth being used. The ISA is the default gateway. The connection does not show up on the ISA server I cannot find an indication of the connection any where, but it is. Is there a way of stopping this?? Am I missing something simple?? Thank you for any assistance or advice that you can give on this. Regards Don McCall Systems Administrator Baptist Community Services Phone 02 9941 6049 Email dmccall@xxxxxxxxxx Fax 02 9889 1520 This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Baptist Community Services. 2 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')