Hi David, it's correct that in realworld life situations the external and dmz interfaces have usual public routable addresses. However nothing prevents you to use private addresses for test purposes. You'll have only to pay attention on the creating of the LAT. However, I assume that the router is doing NAT. If you want to test IPSEC/ESP from outside (through the router) this will not work due to the IPSEC problems with NAT. So, you will be limited to test IPSEC/ESP from the Router inside segment. Hope this helps, Stefaan -----Original Message----- From: David Elmquist [mailto:david@xxxxxxxxxx] Sent: zaterdag 12 januari 2002 14:43 To: [ISAserver.org Discussion List] Subject: [isalist] DMZ with private IP adresses behind router http://www.ISAserver.org Hello list I would like to create a DMZ net on my ISA, which is behind a router. The config would be something like this: Router outside: xxx.xxx.xxx.xxx routable IP address Router inside: 192.168.1.1/ 255.255.255.128 ISA external: 192.168.1.2 255.255.255.128 ISA DMZ: 192.168.1.129 255.255.255.128 ISA internal: 192.168.2.1 255.255.255.0 Would this be all right ? I realize, that in a standard setup, ISA would Have to use routable addresses on both external and DMZ networks. But in This setup, the DMZ addresses, would actually be routable to the gateway on 192.168.6.1 I need this setup, to test routing ESP protocol 50 traffic between outside And DMZ. Any comments on that will be appreciated. Regards, David Elmquist ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')