I have a major problem with IIS and is really bugging me at the moment. I have a website running on IIS and Windows 2000 Server. IIS allows internal and external clients to connect the website meaning that our firewall and router is allowing traffic over port 80 which is good. There is a restricted side to the web site which has user names and passwords controlled by IIS. Internal clients can be authenticated and can access the restricted resources. External clients can not be authenticated!!! Now for the confusing part I set up a test client on the external interface of the firewall by unplugging the router which connects to the internet and giving it a random public class C IP address and IIS authenticated me and let me in to the restricted side of the web site. How can this be?? Why is IIS not allowing external internet clients to connect to IIS?