Hi Jim, I think what Andrew is attempting is as follows (I can see his logic, and wouldn't mind replicating :) + External user connects to http://my.web.site - Resolves to ISA external IP address - ISA proxies the request, and passes data back to external user He wants to do the same, except substituting external with internal, giving one url for one address - it seems logical to do it this way, as you don't have to manage two DNS servers, and attempt to keep the mappings current and up to date. > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Thursday, 27 September 2001 23:55 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Q: Cannot access published web server from inte > rnal network > > > http://www.ISAserver.org > > > You want to translate www.externalname.com to an internal IP, > but you don't > want to provide name resolution with that capability? > Ok, you have to take the freeway to work, but you have to > ride your kid's > tricycle and you have to maintain the speed limit. > > Reality check, here; no host connects to another by using > names. That's > strictly for us dumb humans that can't remember a 32-bit number. > Speaking of which, do you think IPv6 is going to make it any easier? > Every TCP/IP connection that one host makes to another is through IP > addresses and, if they're on the same routed subnet, MAC addresses. > FQDN (DNS) resolution services allows hosts to talk to each > other *_ in > spite of _* the "friendly names" we use. > > Two choices; stop trying to "beat the system" and > 1. set up an internal DNS solution > or > 2. quit trying to connect internally using an external name