I have read that article too. I have a port list that is to be opened. Also I guessed that I must use server publishing rules. But there is a point here that I do not have any idea. How to manage the DNS records? How can I use my internal DNS server? Of course by publishing it. However if you publish DNS and DMZ server asks for any DC record it will get an internal IP like 192.168.4.2 and because ISA can not ( I guess so) route back ( from DMZ to internal) DMZ server can not access internal DC. At this point I think I fool the DMZ server by using an DMZ DNS server and manually configuring all related records. But this is not a solution if you have much record to add. I hope there is a more flexible solution then publishing each of the related ports and manually configuring dns records. -----Original Message----- From: Lippman, Michael [mailto:Michael.Lippman@xxxxxxxxxxxxxxxx] Sent: Wednesday, February 06, 2002 2:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Back 2 Back http://www.ISAserver.org I am working on this as well. There is a good technet article that deals with MS Exchange 2000. It addresses what needs to be open for exchange which also deals with active directory. Just go to technet and type front end back end exchange server and you will get the white paper. You publish the servers on your internal network to the DMZ. MRL -----Original Message--- From: Goktug Yildirim [mailto:yildirim@xxxxxxxxxxxxxxx] Sent: Tuesday, February 05, 2002 6:11 AM To: [ISAserver.org Discussion List] Subject: [isalist] Back 2 Back http://www.ISAserver.org Hello, How do i configure a server in a back2back dmz zone to reach a service in the internal network? Do I have to create ip packet filters or do i have to publish all the necessary servers in the internal network? I think going on an example will make it simple: I have a server in the back2back dmz and I want this specific server to reach all the related Active Directory servers at the enterprise through internal ISA server. What is specific configuration on the internal ISA server? Thanks for any comment, Goktug ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Michael.Lippman@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: yildirim@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')