Hi Guys,I have some problem configuring ISA server (integrated stand alone mode) with2 NIC behind a router doing VPN to HQ site.I have configuration as follow :- ISA 2000 sp1 on W2K server SP3 as the default gateway, so I have all machines in branchoffice configured as secureNAT.- a branch office in another country need doing domain replication to HQ using privateIP, previously was establish by using cisco router to router VPN.- branch office need firewall and cache, but still need to pass private IP to external interface for doing Domain replication and some MS exchange stuff.- Domain architecture is W2K domain- Private IP subnet of branchoffice (10.20.x.x) and HQ (10.10.x.x) are listed inside LATConnection Diagram illustrated below :BranchOffice(private_net)---------(NIC/PrivateIP)ISA_SERVER(NIC/PublicIP)----Ciscortr------I.N.T.E.R.N.E.T-----Ciscortr------AnotherFirewall---HQOffice(private_net)connection to internet for any application I want was just workin fine, but the problem comes when the 2 machine (DomainController and ExchangeServer) need connection to HQ wich was approach by establish VPN penetrating internet cloud using CiscoVPN, Scenario #1 :The traffic from that 2 servers going to the private ip of HQ (10.10.x.x), please do not NAT until reach the external NIC of ISA server, so the router can catch it as branchoffice's private_ip(10.20.x.x) then router will wrap it and pass it trough vpn using Cisco router to router vpn.Scenario #2 :All traffic going to the private ip of HQ (10.10.x.x), please do not NAT until reach the external NIC of ISA server, so the router can catch it as branchoffice's private_ip(10.20.x.x) then router will wrap it and pass it trough vpn using Cisco router to router vpn.AnotherFirewall in HQ is able to distinguish the traffic that do not need NAT, how to make ISAServer able to do so ?Expert, please help me to establish one of the above scenario, all advice will greatly appreciatedTIA,EdoLho --------------------------------- Do you Yahoo!? Y! Web Hosting - Let the expert host your web site