> Yes that's what I have added. It is in 1 armed mode because when it is in > normal mode it detects a lot of false attacks etc and brings a lot of things > on my network to a halt. I don't need it to be a firewall only a VPN device. > I have specified my ISA server as its gateway so it should route from > internal. I can ping from it to the other side. I just need to know how to > route traffic through it when it is destined to the 192.168.1.0 from my > internal network. Did you try disabling all attach detections? I do not remember the syntax, but look into adding HOP information for that route. Also, you may have to add a static route to each internal workstation. Test it on one. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com