Hi Joe, Can you post a network diagram? It really speeds up understand of your environment. You don't need to include every host, just the ones participating in the communications path. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx] Sent: Friday, June 18, 2004 10:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: Different firewalls. Maybe a dumb question. http://www.ISAserver.org I've got my Exchange server set up in a fashion that would handle this (for the reason to provide incoming redundancy though)... Please keep in mind that I don't understand this completely, so maybe someone who has a better grasp of IP and the way things are handled through ISA can fill in the blanks... Basically, you can set up a Windows server with two different default gateways, setting the one with the higher metric to be the one you want your outbound traffic to go through.... You need to manually add the second route through the ROUTE ADD command, as doing it through the GUI doesn't seem to stick... Doing this will cause all outbound mail to go through the lower metric gateway, but the Exchange server will still respond back through the ISA server that accepted the incoming SMTP session... Without these two gateways on the Exchange server, incoming client requests sent to the second (incoming only) ISA server never seem to get a response back from the Exchange box... Now, this is where my understanding falls apart... It's my understanding in the realm of IP routing that the route to and from a client doesn't need to be the same... Having the outbound part of a incoming SMTP communication go through a different gateway should work OK... Maybe it's just the way the session is initiated and flow handled through ISA? (I haven't tested this type of scenario without ISA) I was told once that this quirk may be due to Windows support for dead gateway detection (DGD)... Maybe that's the case though I don't understand DGD enough to say for sure... I can confirm that I haven't been able to replicate this ability to communicate simultaneously through two ISA servers (inbound SMTP) to a Linux box (which doesn't support DGD), but I can also confirm that I've run this configuration on multiple Exchange boxes behind two ISA servers... Not to usurp the thread, but if anyone can tell me how to allow a Linux SMTP box (SNAT of course) to accept and properly respond to incoming SMTP requests from two ISA servers which are acting as default gateways to two different ISPs, I would be eternally grateful. (Hey, I'm sure it would provide an alternate resolution to the original question as well!) Joe Pochedley ________________________________ From: G. Waleed Kavalec [mailto:Kavalec@xxxxxxxx] Sent: Friday, June 18, 2004 12:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] FW: Differenet firewalls. Maybe a dumb question. http://www.ISAserver.org Please forgive the cross-post... -----Original Message----- To: MS-Exchange Admin Issues Subject: Differenet firewalls. Maybe a dumb question. Can I direct outgoing mail through a different firewall than incoming mail? Firewall = ISA server 2K Exchange = 2K And if so, how? ---------------------------- G. Waleed Kavalec Baca, Stein, White and Associates 281-342-2646 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist