Hi everyone, Hope you can help with this one. I have not been successsful in getting a DMZ STMP server to communicate to an Internal SMTP server. My ISA NIC are configured as follows (these are example Class C's. I am using 2 Class C's assigned by our ISP.) External NIC IP=192.200.30.2/24 Gateway=192.200.30.1/24 (ISP router) DMZ NIC IP=192.200.31.2/24 gateway is blank Internal NIC IP=192.168.1.2/24 gateway is also blank The DMZ SMTP server IP=192.200.31.3. I have configured SMTP packet filters to allow port 25 in and out to any ip. The internal SMTP server ip=192.168.1.150 and is published as 192.200.30.57 ext NIC configured with several ip's. 50-60 Also set int protocol rules for outbound port 25 to any. My LAT only contains the internal segments. When tested, I can connect from; -ext. SMTP server (192.200.30.200) <-> DMZ SMTP server. -ext. SMTP <-> int. SMTP -int. SMTP -> DMZ SMTP But, DMZ (192.200.31.3) to published int (192.200.30.57) is not working. The IPPEXTD log shows success from 192.200.31.3 to 192.200.31.57 via 192.200.31.2 but no other message from then on about it. An IP Packet Drop alert is also indicated. I have tried different ports with the same result. Is there a way to do this? Or am I missing something? With the ISA disabled, pings between all NIC's work fine which indicates to me that it is not a Win2k routing/misconfiguration issue. The SMTP servers i am using for this test have been connected to live segments and tested for connectivity to eliminate any suspicions of misconfigurations on them. Maybe this is expected behavior when using two Class C segments for ext and DMZ. Tom's book, The Learning Zone, MS Technet, and other writings indicate another option is to subnet 1 segment. Is this the fix? My next option, which is less favorable, is to make the dmz a private segment, use tcp/ip filtering, and publish the smtp server instead. Any thoughts, suggestions, or help would be greatly appreicated. Thanx! :)