Hi Brian, That's the way it is suppose to be setup. The internal NIC on the ISA should have nothing for default gateway. Gary -----Original Message----- From: Brian McCann [mailto:bjm1287@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, January 22, 2002 19:42 To: [ISAserver.org Discussion List] Subject: [isalist] "Spoof Attack" problem http://www.ISAserver.org I've got a problem with a new ISA server setup. ISA is only installed for it's firewall capabilities and it's loging. The server is a DC and a web server (we have limited resources). It has 2 default gateways: one that goes to the internet and one that goes to our internal network router. The problem I'm having is that anytime I try accessing the server (via WWW) from the internet, I get an event in the App. Log that says it detected a spoof attack, and nothing loads. If I remove the internal gateway, it works fine. Anyone have any ideas aside from entering static routes (since there are about 100 of them)? I've already tried making the metric of the internal gateway 2 instead of 1, and it still don't work. Thanks, --Brian ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gary.anderson@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')