I have 8 clients and 1 ISA box. 2 of the 8 clients use Shivia VPN software to access other companies over the net. As well as they access the web. 5 other machines access the web only and 1 other machine accesses the web, SQL, VPN and FTP. What is the best practice for doing this? Do create one access rule for everything, and listen for local host, internal, and vpn clients? Or do I add the machines to the ISA box and group things up? Regards, Andrew