Many thanks to the contributors to this list and to ISAServer.org. I have set up a lab to simulate an enterprise network with back to back ISA servers. After establishing a VPN tunnel into the network the client can no longer access the Internet. When I do trace route to any site the the astericks come back on the first hop. If I disconnect the VPN connections all is well again. I am using PPTP as I have not set up CertSrv yet. Can anyone explain this behavior? Does the IP stack lock down to point only to the ISA server to protect from the client being hacked and an intruder gaining an autenticated path to the LAN? Thanks, Brian Hoover I.T. Manager Vidar Systems Corporation