Hello, I have a few question about some changes that I would like to make to my VPN infrastructure. I have a diagram here: http://www.cs.cornell.edu/~wtholmes/vpnquestion.htm Currently: The ISA server allocates ip addresses from a private 172.x.x.x range without using DHCP. The DHCP relay agent is not enabled. The Network setup on the ISA server is configured to NAT to both the internal and external networks. The problems with this setup are: Internal servers can not connect to VPN Clients. There are several applications in our environment that require this. Allowing the RRAS server to assingn addresses from a pool without using DHCP and without enabling the DHCP relay agent seems to prevent the clients from having their DNS configure correctly. This causes a large number of problems. Proposed: Eliminate NAT for traffic destined to the internal interface and networks. The Internal network router would be configured to route traffic from our internal systems to the ISA server that is destined for a VPN client on the 172.x.x.x network. The ISA server would be reconfigured to Route rather than NAT for all the Internal networks. RRAS on the ISA would be configured to use DHCP for its address allocation, and have the DHCP relay agent enabled to point to the internal DHCP server. Question: I would like the VPN network to be separate from both the Internal and External networks. That is I want the VPN network to remain as 172.x.x.x, The external network to remain as x.x.x.x and the internal network to remain as y.y.y.y. I want to use my internal DHCP server for the VPN network. How can I assign the correct subnet to the VPN net so that when it requests an address it requests it from the correct DHCP scope? There does not seem to be a way to configure this that I can see. It only gives me a choice of the internal and external adapters as a source for DCHP information. It does not allow me to say use the internal adapter and the following subnet. Thanks Bill William Holmes (MCP) Department of Computer Science 310 Upson Hall Cornell University Ithaca, NY 14853 wtholmes@xxxxxxxxxxxxxx 607 255-1757 (o) 607 227-6049 (c)