MessageHi Tom, Thanks. Actually this ISA server is also a VPN server, RRAS and LAN routing is enabled. I can find the 4 packet filters for L2TP and PPTP and in RRAS IP Routing\General, I saw the 3 dedicated interfaces (LAN, DMZ and Internet). best regards Jeffrey ----- Original Message ----- From: Thomas W Shinder To: [ISAserver.org Discussion List] Sent: Friday, March 07, 2003 10:23 AM Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Jeffrey, Hmmm. I was hoping you would have said something else. OK, enable RRAS and LAN routing. Best way to do this is to run the VPN Server Wizard from the ISA Management console. If you don't want to allow inbound VPN connections, just disable the packet filters the Wizard creates. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Zhangjb2 [mailto:zhangjb2@xxxxxxxxxxx] Sent: Friday, March 07, 2003 9:21 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org clients' default gateway is internal network card IP address on ISA server. Jeffrey ----- Original Message ----- From: Thomas W Shinder To: [ISAserver.org Discussion List] Sent: Friday, March 07, 2003 10:03 AM Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Jeffrey, How to the clients know the route to remote networks? (HINT) HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeffrey Zhang [mailto:zhangjb2@xxxxxxxxxxx] Sent: Thursday, March 06, 2003 10:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Tom, Yes, you got the right network structure, a tri-homed ISA server, two different subnets for internal and DMZ, an external network to internet, web server and FTP server is in DMZ. I'd like to let clients in internal network to access web and FTP server in DMZ, and external clients can also access them. I read your chapter 4 and understand 3 methods to control the traffic between internal network and LATDMZ, but my problem is before the first step, you describe that if I connect two subnets to ISA and enable the IP Routing, they can communicate each other. I did but I can not access DMZ from internal net. Where do I need to check? thanks Jeffrey