Goal: VPN into LAN and connect to pcanywhere host on the LAN from Internet. Network: Internet | | (Static public IP) Watchguard with PPTP vpn ports forwarded via static NAT to external (192.168.2.2) NIC ISA server | | V ISA External NIC - 192.168.2.2 | | SBS 2003 Server with two nics (one 2.2, and one 1.100) | | V Internal NIC - 192.168.1.100 | LAN | pcanywhere host 192.168.1.150 Internet VPN client can connect to the VPN, but cannot ping or pcanywhere to hosts on LAN. When a laptop is plugged into the .2 network (on the external side of ISA, but behind the Watchguard), VPN's in, the laptop can connect to pcanywhere host. Q1) How can eliminate an ISA mis-configuration/oversight from this troubleshooting process? I did setup RRAS and ISA following the MS help docs. Q2) If the Internet clients can "connect" to the VPN through the watchguard, what could I be missing? Q3) By default, what type of traffic is allowed through a standard Windows Server 2003 RRAS VPN and ISA 2000 FP1 SP2 setup? Should I not be able to ping hosts on the LAN? Thank you, ...D -- CPDE - Certified Petroleum Distribution Engineer CCBC - Certified Canadian Beer Consumer