Hi Andrey, The trihomed DMZ is a directly connected segment that receives ROUTED packets from the Internet. That means you need public addresses for that segment. Its a poor setup from a security standpoint, but some people are forced to put hosts on a public segment like this for technical or psychological reasons. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Andrey Silkin [mailto:silkin@xxxxxx] Sent: Tuesday, August 19, 2003 5:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Setup of Tri-Homed DMZ http://www.ISAserver.org Hi Pranesh ! You had wrote about configuration and installation a tri-homed DMZ. This title is very interesting to me , so can you send me a links or an articles about this ? I tried to make tri-homed DMZ but not successfully. (my servers in the DMZ don't see ISA-Server ,for example ). Best Regards Andrey Silkin -----Original Message----- From: Pranesh.K [mailto:cmspanu@xxxxxxxxx] Sent: Tuesday, August 19, 2003 1:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] Setup of Tri-Homed DMZ http://www.ISAserver.org 1. We have configured a tri-homed ISA firewall as per the steps given in the Microsoft help and documentation. But we are not succeeded the same. ISA (std. edition)is installed on windows 2000 server with latest service pack. Pls go through the following and advice me the solution for the same.  One network adapter connected to the corporate network's internal clients.  The second network adapter connects to the corporate network's servers, which are located in the perimeter network.  The third network adapter connects to the Internet.  Configured the LAT to include all the addresses on the corporate network. (internal: 192.168.1.1 and external address : 202.140.129.49)  Enabled packet filtering.  Enabled IP routing.  Created IP packet filters for the mail servers in the perimeter network. Each IP packet filter should have the following parameters:  Filter type selected - custom (any Ip and both direction)  Local computer IP address of the perimeter network server- 202.140.129.210/29  Remote computer should be Any Computer (or a specific computer, if access is limited to specific computers).