Hi, we want to establish an internal ISA-VPN-Server behind an external ISA-VPN-Server. To do this, i read the Dokument "Configuring VPN access in a Back to Back ISA Server Environment". After implementing both ISA-Servers everyting looked fine. An external W2K-Client was able to connect to the internal VPN-Server over the external VPN-Server. But when i testet it with a w2k-client, which was connected to the Internet by ISDN or DSL, the problems began. It is possible to connect to the internal VPN an ping the internal clients, but it isn't possible to transfer larger files or connect to an internal host via terminalserver or pcanywhere. It seems that some packets ar lost. So i read about problems with fragmentation (mtu size) und edited the registries of the client an the isa-servers but nothing helped. I tried some registry-settings for the client from the internet an testet them. But they didn't work neither. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] "SackOpts"=dword:00000001 "TcpWindowSize"=dword:0003ebc0 "Tcp1323Opts"=dword:00000001 "DefaultTTL"=dword:00000040 "EnablePMTUBHDetect"=dword:00000000 "EnablePMTUDiscovery"=dword:00000001 "GlobalMaxTcpWindowSize"=dword:0003ebc0 When i use only the external VPN-Server to connect to DMZ-Hosts everything is fine. We really need this functionality. Does anyone have an idea? Mit freundlichem Gruss, Michael Siemen Mettenmeier GmbH, Projektleiter IT-Services Klingenderstr. 10-14, 33100 Paderborn Tel. (0 52 51) 1 50-321; Fax (0 52 51) 1 50-499 mailto:Michael.Siemen@xxxxxxxxxxxxxx http://www.mettenmeier.de