Hi William, If the only DNS server you have configured on the firewall is the internal DNS server, then it will query that server for the name resolution. Whatever answer it gives the Web Proxy service is the IP address it'll use. If that server authoritative for the domain in quesiton? If not, then it will send the query to the forwarder for resolution. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Thursday, September 04, 2003 8:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] Tracert shows different IP Resolve http://www.ISAserver.org Hi there I am trying to access a website on the "public" side of my ISA Firewall, but it's actually not public because it is then "routed" (I have a PIX managing my DMZ's) over a WAN link to another company where I then access the private IP Address of their web server. I am also hosting a secondary DNS Zone of this other company to allow me to access their private addresses. When I do an NSLOOKUP of the website from my workstation, it returns the private IP Address (172.16.x.x) just fine. When I do a TRACERT it also works fine. BUT When I do a TRACERT on the ISA Firewall, it all of a sudden tries to access the Public IP Address of this web server. (The NSLOOKUP from the ISA also returns the private address correctly). This then explains why I cannot access this website from my IExplorer, but I would like to know how to fix it. The DNS of my ISA is setup as follows: Internal Interface - Use my own internal DNS with Forwarders set to my ISP External Interface - Nothing, both DNS entries are empty Does anyone have any ideas on how to address such an issue?