I'm motivated alright, just want this problem out the way ! Do you mean the ISA 2004 VPN Deployment Kit rather than the ISA 2000??? Ps Thanks for the quick response Paul Crisp Snr Network Support Analyst From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: 06 November 2006 13:32 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Please help !! - ISA2004 SP2 / VPN Problems DDNS of the ISA Firewall's RAS interface in your internal DNS. Worked out in the ISA 2000 VPN Deployment Kit and other articles on the ISAserver.org site years ago :) I don't recall the exact location, but if you're motivated, you'll find 'em. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Crisp Sent: Monday, November 06, 2006 7:27 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Please help !! - ISA2004 SP2 / VPN Problems Hi all, I really need your help on this as my brain will explode soon....... Background: Originally we were running ISA2004 SP1 on Windows 2000 box and had remote workers VPN into the system without a problem and gaining access to the local network the ISA box was connected to and also some other networks within our LAN. I had to setup a new ISA box, because I wanted a faster process, more memory and more disk space. I setup the new box ISA2004 SP2 on Windows 2003 SP1 and the configuration is exactly the same as the previous ISA box. Everything was working fine, internal clients can browse the internet, email is coming into via the ISA box no problem and published web servers are working as well. The only problem I have is some (not all) VPN clients, connect to the ISA box successfully but they cannot access any internal resources. The flip side to this, is that when these people connect the internal clients lose access to the ISA internal network interface (you cannot ping or anything). As soon as the VPN client disconnects, the internal people get ping response and can then obviously use the internet as before? I have looked on the isaserver.org forum and tried something's but all to no avail. Can anyone give me any pointers to where I should be looking, as some remote people VPN without a problem and access internal resources without a problem??? Network information: ISA Box - 2 network interfaces (1x external, 1x internal) RRAS - Setup for DHCP and to use same range of IP addresses as internal interface VPN network rule setup for Route not NAT VPN access rule setup for all outbound protocols and access from external to internal Client information: Have got the client to try in split-tunnel mode as well as non-split tunnel mode..... same results Please please help me J Paul Crisp Snr Network Support Analyst