What you could use is a router that sits on the same IP segment that your ISA's external NIC is plugged into. Use the router to do IP redirects for any published services you offer to the Internet: have your router redirect these services, including SMTP, to your ISA's External NIC, then set up a service redirect on your ISA to forward the request to your internal server that serves up whatever service you offer, including SMTP.

The router gives you the flexibility of using the Public IP range your ISP assigned you rather than publish all public services using your External ISA's IP address. Services must have a public IP address if you want them available to the Internet; rather than always use your ISA's External IP address, you can select an IP from the range your ISP gave you and have the router redirect this IP to your ISA server. Thought I would explain again what I was trying to say.

-----Original Message-----
From: Steven Fitzgerald [mailto:Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx]
Sent: Friday, August 23, 2002 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Exchange DMZ IP mayhem.

http://www.ISAserver.org

Thanks John,

When you say that I should publish the server as being on a second internal LAN, what exactly do you mean?

Regards,
Steven Fitzgerald
MCP Technical Support
Xitec Software

-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx]
Sent: 23 August 2002 15:40
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Exchange DMZ IP mayhem.

A DMZ zone must be a subnet of the public IP address subnet of the external interface of ISA. Therefore, your scenario will not work, as the ISP is assigning you private IP addresses, which are not routable via the internet.
Either get a public IP subnet from your ISP, or publish the server as being on a second internal LAN.

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

-----Original Message-----
From: Steven Fitzgerald [mailto:Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx]
Sent: Friday, August 23, 2002 5:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Exchange DMZ IP mayhem.

Hi Everyone,

I'm currently pulling my hair out, as some people here kindly helped me set up my Exchange 2000 Server test environment behind ISA server before, and it all worked. I now find myself in the position of setting it all up again, with a new ISP and a whole new set of rules.

What I want to do is set up my Exchange server in a DMZ behind the ISA server; however, the ISP can only forward mail to a certain IP subnet (10.0.3.x). My ISA server is on 10.0.3.1, and my Exchange server, as recommended by a Microsoft article, is on a different subnet, 10.0.2.2. The ISP can't forward SMTP traffic to 10.0.2.2, but they can send it to the ISA server.

My question is, should the ISA server, with the correct Protocol filter set up, automatically know to send SMTP mail to 10.0.2.2? Or will I have to set up another IP address on the Exchange server (i.e. 10.0.3.3) and get the ISP to forward SMTP mail to that IP, thus bypassing the firewall? If I do apply the above, will that mean that the Exchange server is open to hackers?

Many thanks for your help.

Steven Fitzgerald
MCP Technical Support
Xitec Software