Hi Gillian, You can't put the Exchange Server in the DMZ because you can't extend the internal network forest into the DMZ. Both the FE and BE should go into the internal network. You can use a LAT based DMZ if you want to segregate the FE from the BE. You'll have to create the appropraite IPSec filters and/or RRAS packet filters. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Gillian Cook [mailto:gcook@xxxxxxx] Sent: Wednesday, March 26, 2003 1:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] B2B DMZ - ISA and Exchange 2k http://www.ISAserver.org I'm curious how Exchange 2k and OWA are setup and secured in a Back to Back DMZ with 2 ISA servers? Do you put the Exchange server (with OWA on the same server) in the DMZ? Or do you put OWA in the DMZ and Exchange2k server in the private network? Is the standard practice to setup an Exchange Front End back end setup? I bought and read your book Tom, which is excellent. But I didn't see this topic included in the DMZ section. Are there any published articles on this? Any thoughts? TIA, Gillian Cook ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')