Give a little more detail? It would seem that if you NAT'd the inside server to a valid address, and gave access (to that address) to the outside agency, via just one source address or an address block, this would solve your problem.
The other possibility would be to set up SecuRemote on the FW1 server, and have the outside agency download (for free) the client. Set up a SecuRemote encryption group with just that one server in it, use it as the destination in the S/R rule, and put the users from the outside agency in the SecuRemote users group used in the source of the same rule. Obviously this may be painful to set up if there is a large number of users. If neither of these suggestions helps, give a few more details and repost. Someone will be able to help you out. --- CURTIS FLETCHER <[EMAIL PROTECTED]> wrote: > i am trying to give access to an internal server to an outside agency and > am having problems getting an inside server redirected from the outside. > does anone have any ideas, have aleady tied the checkpoint database. > thanks. > ===== Nick CISSP, CCSI, MCSE, CCNA Raleigh, NC __________________________________________________ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com