Hi Aman, The key is the split DNS infrastructure. Its easy and fun. And your roaming users will love it and the ISA firewall performance will improve quite a bit when corp users aren't looping back through the firewall to access Internal resources that should be connecting to directly. Your two keys to success: 1. Split DNS infrastructure 2. Direct Access for Web Proxy clients for Internal domains and addresses 3. Address Internal domains to the list of domains in the Firewall clients tab This isn't a theoretical deal, its something that I always do in my own engagements and its something that always works. Try it, you'll definitely like it. HTH, Tom ________________________________ From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Monday, September 13, 2004 2:08 PM To: [ISAserver.org Discussion List] Subject: [isalist] Web Listeners http://www.ISAserver.org Hi everyone. I have published 2 webservers on our internal domain. When someone accesses the sites from outside they work fine. From internal network, I can access the sites thru local ip, but doesn't work thru website name or public ip . (securenat clients) It works fine for Firewall clients ... Any ides ? ALSO tom, whish one is better, to force a client to be firewall client or to force them to be proxy client? i read in ISA 2004 "firewall client credentials are forwarded to the web proxy service". This is unlike ISA 2000 .right ? that means if i force users to be firewall clients only, then i can have rules based on user credentials ...( which was not possible is isa 2000, as u said in ur article that to do so we should force clients to be proxy clients) please clarify this point. Thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx