hi, directly from www.isasever.org: [...] "Trihomed DMZ Must Have Public IP Addresses The fact that the DMZ segment on a Trihomed DMZ must have public addresses can?t be overstated. We see a lot of people who have problems constructing their DMZ because they try to use private addresses on the DMZ segment. All you accomplish by doing this is to create two internal network interfaces or an external network interface that cannot access internal or external resources. The DMZ must be configured as an external network interface. External resources are not trusted by the internal network. To configure the DMZ segment as an external network resource, you must NOT put IP addresses in the DMZ segment into the LAT. Only the internal network IP addresses are contained in the LAT." [...] you can look in the "Learning zone", they are a lot of articles very good! (thanks www.isaserver.org!!!!!) bye, gg -----Messaggio originale----- Da: rufyo@xxxxxxxxx [mailto:rufyo@xxxxxxxxx] Inviato: mercoledì 15 maggio 2002 19.51 A: [ISAserver.org Discussion List] Oggetto: [isalist] Internet & DMZ access from internal LAN http://www.ISAserver.org Hi there, i've some problems to configure my lan clients to access the internet through the internal firewall. The scenario is described below: i've configured a first Isa Server 2000 firewall with 3 nics, two connected with two separate internal lans and one connected with DMZ segment (with some servers) 10.16.2.1 -->Internal NIC1 192.168.10.1 DMZ NIC 10.16.3.1 -->Internal NIC2 on DMZ i've some servers configured with 192.168.10.x address family and a second firewall configured with two NICs: 192.168.10.9 --> DMZ NIC xxx.yyy.zzz.kkk ---> Internet NIC i've configured servers on DMZ to access the internet and published some of them (WEB,MAIL etc.) and all works fine. But i can't get access the internet from internal LANs. In which way i've to configure the internal firewall to access both the internet and dmz servers? Help would be appreciated. Thanks. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: l.grieco@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')