Hi Michael, you cann't subnet further a range of 4 IP-addresses. So, you need at least a range of 8 consecutive IP-addresses. You can split this range in 2 equal parts of 4 ip-addresses. Then you can have exact 1 server on your DMZ: - 1st IP = reserved and means 'this net' - 2nd IP = ISA DMZ interface - 3th IP = server - 4th IP = reserved and means 'broadcast = all stations on this net' When you need more DMZ servers you'll have to purchase more IP-addresses (16, 32, 64, etc...). For more info how subnetting works, have a look at http://www.howtosubnet.com/ Hope this helps, Stefaan -----Original Message----- From: Michael Wischnowsky [mailto:MWISCH@xxxxxxxxxxxxxxxxx] Sent: woensdag 13 februari 2002 16:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA, Mailrealay and DMZ issues... http://www.ISAserver.org Thanks for getting back to me. We currently have a range of four IP addresses provided to us by our ISP on our DSL line. These addresses all have the same subnet, so does that mean I have to purchase a different range of address or can I some how make this work in my DMZ. Thanks. Michael Wischnowsky -----Original Message----- From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] Sent: Monday, February 11, 2002 3:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA, Mailrealay and DMZ issues... http://www.ISAserver.org Hi Michael, the way you constructed your trihomed ISA configuration will never work. Your main problem is that the DMZ subnet *must* be public ip-addresses and your DMZ subnet has private ip-addresses. In a trihomed configuration ISA is doing routing and packet filtering between external and DMZ interface, no NAT/PAT is involved. I suggest you take a look at: - http://support.microsoft.com/servicedesks/webcasts/wc110801/wcblurb11080 1.as p very good presentation on the different DMZ scenario's - the learning zone on www.isaserver.org Hope this helps, Stefaan -----Original Message----- From: michael [mailto:mwisch@xxxxxxxxxxxxxxxxx] Sent: maandag 11 februari 2002 19:31 To: [ISAserver.org Discussion List] Subject: [isalist] ISA, Mailrealay and DMZ issues... http://www.ISAserver.org I am trying to configure our email to go through our DMZ which currently has a mail relay server, and I'm having a hard time getting email to go out. This is how I would like it configured. ISA SERVER = Trihomed Mail Relay = 192.168.XX.XX Exchange = 10.80.XX.XX Public = 63.68.XX.XX Private = 10.80.XX.XX DMZ = 192.168.XX.XX Email comes in and hits the ISA server (63.68.xx.xx) which has a SMTP protocol rule pointing all incoming email to the Mail Relay server (192.168.xx.xx). The Mail Relay Server than has a Remote Virtual SMTP Server established on IIS to point all incoming email to the Smart Host which is exchange(10.80.xx.xx). This configuration works fine for incoming email, but I can't seem to get things to work for outgoing email. When an internal users tries to send email, it first hits the exchange box, which has a SMTP connector pointing to the Mail Relay. The problem is that the mail relay server wants to send all incoming email to the exchange server, this obviously becomes a routing problem. If I tell the exchange server to use DNS instead of putting in the Mail relay server's IP address, the email goes out but avoids the mail relay all together, which defeats the purpose of what I'm trying to do. I have read a few articles and many of them mention the mail relay has to have a public address, but this then opens up the Mail relay server for intruders. Thanks in advance. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mwisch@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')