Hello-- I'd like to ask for some advice from all of you ISA gurus. I'm in the final stages of putting my new ISA server into full production. I currently have a Windows 2003-based VPN server behind my firewall (PPTP-based, which I understand won't work with an ISA firewall). It used to get a lot of action, but thanks to some network re-configuring the VPN server now has typically about 10 clients attached at a given time. So my question is, do you think it's better to have the VPN clients connect directly to the ISA server? Or would it be better to have the VPN clients connect to a VPN server behind the firewall, like they do now (migrating to L2TP/IPSEC)? I ask from two points of view: network security-wise and firewall performance-wise. (We have a couple of hundred users behind the firewall.) Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore, MCSE Network Manager American Friends Service Committee 215-241-7870 rmoore@xxxxxxxx Our greatest glory is not in never failing but in rising every time we fall. --Confucius