Hi Nigel, Its certainly been true on all the ISA Servers that I've worked with that had a trihomed DMZ configuration and public addresses on the DMZ segment. Protocol rules only effect communications between LAT clients and the Internet. So, I have to assume that your LAT is whack, or something else that is causing this odd behavior. HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Nigel Carroll [mailto:nigel@xxxxxxxxxxxxxxx] Sent: Friday, January 25, 2002 3:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: DMZ perimeter network works withOUT a packet filter http://www.ISAserver.org If true (and I wouldn't doubt you Tom ;-) then my multihomed public/private internal NIC must be seen by ISA as one private network (even though public subnet not in LAT) since the protocol rule is DEFINITELY required before I can get anything out from my public DMZ subnet other than ICMP. Would you say that that is a possible explanation ie ISA is treating them as one private network? Nigel -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, 25 January 2002 3:38 Subject: RE: DMZ perimeter network works withOUT a packet filter Hi Nigel, Protocol Rules have *no* effect on routing packets between the network and the pubic DMZ segment. HTH, Tom ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')