If this truly is a "dedicated" line, then you have a restricted subnet and can apply the normal network constructs to it. OTOH, if this is nothing more than another Internet connection, though doth be fooqued. What's wrong with a good old VPN cconnection? ________________________________ From: isapros-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat Sent: Thu 7/6/2006 9:57 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] 3rd Party App problem. One of my customers, an insurance agent needs access to an application at one of their insurance companies HQ's. The app is on a citrix server. Simple you say.....hmm This is what they have been told. They will be supplied with a dedicated DSL link between HQ and my customer. My customer is to add a 3rd nic to his ISA and have it connect to this dsl connection. Only the traffic to the insurance app is to go through this DMZ dsl connection. Am I correct in thinking this cannot be done? The WAN provider for the big insurance company assures the customer that this can be done. As far as I am aware, the Citrix Server is in a DMZ hanging off a checkpoint Firewall. All mail to and from this domain is GFI-scanned.