Thanks for info Tom and confirmation. Another follow-up. But what about OWA on the Ex2k server (no FE BE involved)? Currently, we've got OWA published in working order with a single ISA server. What steps would need to be done (in a B2B DMZ setup) to access (publish) the internal web site (OWA)? I'm still unclear about that. I understand that web and server publishing rules are used for granting access in and protocol rules are used for access out. I'm not sure how this corresponds in the Back to Back DMZ config with OWA on the internal network. How does the External ISA server know how to get to the internal network to find the OWA server in the web publishing rule? Am I missing something obvious? TIA, Gillian Cook -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, March 26, 2003 8:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: B2B DMZ - ISA and Exchange 2k http://www.ISAserver.org Hi Gillian, You can't put the Exchange Server in the DMZ because you can't extend the internal network forest into the DMZ. Both the FE and BE should go into the internal network. You can use a LAT based DMZ if you want to segregate the FE from the BE. You'll have to create the appropraite IPSec filters and/or RRAS packet filters. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Gillian Cook [mailto:gcook@xxxxxxx] Sent: Wednesday, March 26, 2003 1:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] B2B DMZ - ISA and Exchange 2k http://www.ISAserver.org I'm curious how Exchange 2k and OWA are setup and secured in a Back to Back DMZ with 2 ISA servers? Do you put the Exchange server (with OWA on the same server) in the DMZ? Or do you put OWA in the DMZ and Exchange2k server in the private network? Is the standard practice to setup an Exchange Front End back end setup? I bought and read your book Tom, which is excellent. But I didn't see this topic included in the DMZ section. Are there any published articles on this? Any thoughts? TIA, Gillian Cook ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gcook@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')