I am setting up a tri-homed ISA to protect the internal side of a DMZ. A web server will be communicating through a different firewall to the application servers guarded by ISA. The app servers are a child domain (vendor insists on a domain)and need to communicate with the parent domain on the other side of ISA. All DCs are in the secondary DMZ formed by the ISA. Basically looks like this: FW1 ----------- | \ | \Web Server DMZ ISA --------- | \ | \ | \App Servers (DCs) forming child domain Internal Domain (Parent Domain) I am looking at using SMTP for the replication traffic. Any thoughts on this setup? Better ways to do this? Thanks in advance!