You can't have more than one external (public) interface with ISA. ISA changes the W2K routing behavior to make the machine more secure. It treats interfaces thusly: - External: 1. has the one and only default gateway 2. is not in the LAT 3. off-subnet traffic is routed according to ISA rules and filters - DMZ 1. has no default gateway 2. is not in the LAT 3. off-subnet traffic is dropped as "spoofed" - Internal: 1. has no default gateway 2. is in the LAT 3. no traffic filtering is done; ISA processes this traffic according to client rules Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "William T. Holmes" <wtholmes@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, May 08, 2002 6:36 PM Subject: [isalist] Re: DHCP configured Interface without default route. http://www.ISAserver.org Hello, I don't have control over the DHCP server for this interface. If I manually delete the default route the is set when the interface comes up then everything works fine. Then traffic goes where its "supposed to". I guess one more question I have is that when you have more than two interfaces (external) In what order does the routing occur. It would seem that (looking from the inside) that the routing is taking place "outside" In other words the ISA server treats interfaces as though they are both outside and does not make any real routing decisions. Is this correct ? Thanks -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, May 06, 2002 12:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: DHCP configured Interface without default route. http://www.ISAserver.org You'll have to do this at the DHCP server. 1. Create a scope just for that server 2. Within that scope, 1. create the normal scope options, but don't specify a "router" 2. reserve an IP for the ISA interface that should be "routeless" 3. Remove that IP from the original scope Bear in mind that ISA won't tolerate any off-subnet traffic from the extra external interface, regardless of how you set it up. The ISA team seems to have taken Conner McLeod seriously... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "William T. Holmes" <wtholmes@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, May 05, 2002 6:31 PM Subject: [isalist] DHCP configured Interface without default route. http://www.ISAserver.org Hello, I have two interfaces on the external side of my ISA server. One of them should be the default route the other one has a route to a specific network. Both are configured via DHCP. Both DHCP servers actually offer valid default routes. However I want one of the interfaces to ignore its default route. Right now I manually delete this interfaces default route after the interface comes up. Is there a way to suppress the default route on a DCHP configured external interface? Is there a way to configure ISA to ignore a specific default route and always use a "preferred" default route? Thanks Bill ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wtholmes@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')