Hi, Jeffrey: Like Tom said, it should work. I have similiar network enviroment as yours, tri-homed with DMZ, etc. Make sure the routing table is configured correct in you ISA. Best regards, John Huang -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, March 07, 2003 10:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Jeffrey, It should work. RRAS is aware of all directly attached networks, LAN routing is enabled and the ISA Server has IP Routing enabled. Packets should flow nicely from network to network. Make sure the clients on the LATDMZ are using the correct default gateway. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Zhangjb2 [mailto:zhangjb2@xxxxxxxxxxx] Sent: Friday, March 07, 2003 9:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Tom, Thanks. Actually this ISA server is also a VPN server, RRAS and LAN routing is enabled. I can find the 4 packet filters for L2TP and PPTP and in RRAS IP Routing\General, I saw the 3 dedicated interfaces (LAN, DMZ and Internet). best regards Jeffrey ----- Original Message ----- From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Friday, March 07, 2003 10:23 AM Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Jeffrey, Hmmm. I was hoping you would have said something else. OK, enable RRAS and LAN routing. Best way to do this is to run the VPN Server Wizard from the ISA Management console. If you don't want to allow inbound VPN connections, just disable the packet filters the Wizard creates. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Zhangjb2 [mailto:zhangjb2@xxxxxxxxxxx] Sent: Friday, March 07, 2003 9:21 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org clients' default gateway is internal network card IP address on ISA server. Jeffrey ----- Original Message ----- From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxxxxxxxxx> To: [ISAserver.org Discussion <mailto:isalist@xxxxxxxxxxxxx> List] Sent: Friday, March 07, 2003 10:03 AM Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Jeffrey, How to the clients know the route to remote networks? (HINT) HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeffrey Zhang [mailto:zhangjb2@xxxxxxxxxxx] Sent: Thursday, March 06, 2003 10:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: LATDMZ http://www.ISAserver.org Hi Tom, Yes, you got the right network structure, a tri-homed ISA server, two different subnets for internal and DMZ, an external network to internet, web server and FTP server is in DMZ. I'd like to let clients in internal network to access web and FTP server in DMZ, and external clients can also access them. I read your chapter 4 and understand 3 methods to control the traffic between internal network and LATDMZ, but my problem is before the first step, you describe that if I connect two subnets to ISA and enable the IP Routing, they can communicate each other. I did but I can not access DMZ from internal net. Where do I need to check? thanks Jeffrey ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jun@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')