Hello! I have installed the ISA Server 2004 as a back-firewall. Behind the internal subnet (192.168.x.x/16) there is a second subnet (172.16.x.x/16) connected by a router. Because of these two subnets a static route is needed at the ISA-Server to direct the traffic from the first subnet (192.168.x.x/16) to the second subnet (172.16.x.x/16). I don't want the ISA-2004 to inspect the traffic over this static route - only the traffic from internal to external and vice versa - but not from internal to internal, where the static route is defined. So I defined a rule "any/any" from the first to the second subnet. Now the problem: "any/any" only affects the defined protocols. Packets using undefined protocols without a protocol definition are dropped by the ISA-Server even if there is this "any/any" rule. How can I achieve the ISA server not to inspect or regulate the traffic over the static route at all? Because of the simple LAT there was no problem with ISA 2000. Since ISA 2004 can manage multiple networks ... how can I prevent the ISA 2004 to manage the traffic inside all internal networks never crossing the ISA to the external? Thanks in advance. Harald