Hello Jim, Im asking if you got the reply i send you yesterday. If you didnt, take a look at the following scenario based on the answer you provided. I im using the first 128 segment of a class C. That certain class is public and its mine and suppose its the x.x.x.0 to 128. Im using x for the first three numbers which the are the same so please dont be annoyed. The router has the address x.x.x.2 with subnet mask 255.255.255.128 and ip broadcast address x.x.x.1. Take a look at what i gave the following: -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, August 09, 2001 7:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Accessing the Internet from DMZ http://www.ISAserver.org Check that your setup looks something like this: Well, it looks like this ISA external NIC IP = <extIP> x.x.x.3 GW = <extGW> x.x.x.2 (the address at the interface of the router) NM = <extMask> 255.255.255.128 ISA DMZ NIC IP = <DMZ_IP> x.x.x.5 GW = <empty> ok NM = <subnet of extGW> 255.255.255.128 DMZ Server IP = <DMZ_srvr_IP> x.x.x.6 GW = <ISA_DMZ__NIC> x.x.x.5 NM = <ISA_DMZ_NM> 255.255.255.128 DMZ Server IE settings No proxy (empty the settings) ok ISA PF Here trying to implement the following packet filter i get the following message here IP protocol = TCP Direction = outbound Local port = All ports Remote port = Fixed, 80 local computer = "these computers (on the perimeter network)" After it tries to find the server in the DMZ (which happens due to NETBEUI that is installed on that DMZ WIN2k Server (please dont scream!!!)) it tells that it cant find the ip address allocated with that server. Remote Computer = All Jim Harrison MCP(2K), A+, Network+, PCG What's the catch here? The routing and remote access service in the WIN2K server is down. I suppose this is ok because the routing is done by the isa server services right? If there is further need for subnetting that class C or should I subnet in fewer addresses than the 128 block range. From the LAT everything is OK. Full access to the Internet, implemented icmp traffic OK and the isa server itself with a the internal network address configured as proxy setting in IE has full access to the internet. Are there any problems with Netbeui? I dont think thats the problem. Should the routing in the 7200 Cisco router in the OSPF routing include in the backbone area (0) the certain class C im talking about? I dont think thats the issue also because Im having access through there. Thank you for your help Jim and Im sure you'll do the best to assist me. Constantinos Bourliaskos MCP (For the moment...) ----- Original Message ----- From: Constantinos <mailto:kbourlia@xxxxxxxxx> Bourliaskos To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Thursday, August 09, 2001 08:01 Subject: [isalist] Accessing the Internet from DMZ http://www.ISAserver.org I have implemented the trihomed scenario and im having problem accessing the internet from my DMZ. Routing and pakcket filtering are enabled. Im suspecting that it has to do something with the network configuration of the clients or with an another rule that i havent applied. In the browser of a DMZ host what gateway should I enter. The address of the DMZ network card, the address of the external network card of the ISA server or the address of the router?. Should the routing and remote access service in the WIN2k services be up or Isa does it by itself. Please help me im new to the ISA stuff. (It is obvious, isn't it) ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kbourlia@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')