Hi Jim, > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Friday, 28 September 2001 10:20 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Q: Cannot access published web server from inte > rnal network > > > http://www.ISAserver.org > > > Yes, I understood that, and even once thought that it should happen > "transparently", but after fighting my way through it and > learning a bit > about ISA, I came to understand that it just doesn't make > sense to ask the > NAT process to "double-NAT" the packet when a direct > connection is not only > possible, but more efficient. > > Essentially, the packet travels like this: > 1. the client at 192.168.0.2 gets the external IP for the > requested name, > say 123.123.123.123. > 2. the client then proceeds to ask ISA to proxy the request to that IP > address > 3. ISA receives the request and attempts to route the request > to the NAT > editor, who then realizes that the original source IP and the new > destination IP are in both the LAT. At this point the ISA > logic asks "why > are we even trying to do this?" and drops the communication > while making an > event log entry. > > It's an effect I like to refer to as "isotropic IP bounce" > (with a smirk) > and it's just doesn't make sense in the grand scheme of things. You mean MS are making products that make sense now?? (I'll see your smirk and raise you a nervous giggle :) It doesn't make sense to 'doubleNAT', but it sure as hell makes things easier to setup :/ I'm still attempting to get everything to 'click' here - I've got the option of either doing the DMZ thing (have ~8 IP's ready to roll) or the published internal server. I'm still yet to get the DMZ server working correctly - leaving me with a published internal server - most painful - as it would appear that I'm in the same boat :/ -- Anthony Michaud Network Administrator Act! Certified Consultant eLogix Corporation Pty Ltd You've got an anti-anti-antimissile missile? Well, we've got an anti-anti-anti-antimissile missile!" - Get Smart!