ISA 2000 can take awhile to make policy changes effective; ISA 2004 does a much better job of this. DO NOT USE "IPEnableRouter". Let me say it again: DO NOT USE "IPEnableRouter". This is a TCP/IP registry setting that effectively "gets around" ISA routing. ISA is *(NOT)* a router, although it's possible to pass traffic across ISA to another network *(IF)* you configure the rules and the clients properly. Since you only have two interfaces, one of those networks is seen as "external" by ISA and all traffic from that network will be blocked by default. -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Itajiba Bezerra [mailto:itajiba.bezerra@xxxxxxxxxxxxx] Sent: Thursday, February 02, 2006 3:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] It is necessary to restart the Firewall service to apply new policy rules http://www.ISAserver.org After installing the ISA Server 2000 SP2 on a computer with Windows 2003 SP1, I noticed the following behaviour: when a new policy rule is created, it is necessary to restart the Firewall service and sometimes I need to reboot the machine in order to new rule works. Another problem: it was necessary to enable IPEnableRoute to route the traffic between the LANs. The server has two NIC cards (External and Internal LAN) and both are using private addresses (10.8.50.x/24 and 10.8.51.x/24). Where is my fault ? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.