what type of client do you have? are they configured as securenat, firewall, or web proxy? Farshad -----Original Message----- From: VEITCH,NICHOLA (HP-UnitedKingdom,ex1) [mailto:nichola_veitch@xxxxxx] Sent: Thursday, January 24, 2002 2:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] authentication and access policy Importance: High http://www.ISAserver.org I have an access policy which consists of one protocol rule that allows http, ftp etc and is applied to all the relevant user groups in Active Directory. I have a number of Site and Content rules that control access to a specific destination (either intranet or Internet), all rules are applied to a specific group of users (in AD). The default site and content rule has been removed and a set of rules have been set up to allow access. There are no deny rules. The problem I am having is that all users can access the same sites or are denied access regardless of their group membership or the content rule in ISA. The array policy is not set to prompt for authorisation (integrated) - Ask unauthenticated users for identification is NOT selected for Outgoing requests. IF it is selected then no users can access any sites - I get the error "HTTP Error 403" 403.6 Forbidden: IP address rejected I am using win2k sp2, IE5.0 Any Ideas??? Thanks. Nichola Veitch Microsoft Services Operation Tel: +44 (0)1344 365861 Mobile: 07771 660309 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: farshad@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')