I solved that problem with this I articulate of microsoft for that it didn't work me any publication rule How to Enable Translating Client Source Address in Server Publishing The information in this article applies to: Microsoft Internet Security and Acceleration Server 2000 Microsoft Internet Security and Acceleration Server 2000 SP1 This article was previously published under Q311777 IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry SUMMARYThis article describes how to enable the translation of the client source address in server publishing. This feature is provided by Internet Security and Acceleration (ISA) Server 2000 Service Pack 1. Note: This feature allows Server publishing to work correctly when using Network Load Balancing (NLB) on the external Interface of ISA. Without this change, server publishing is not supported when using NLB on the external interface. MORE INFORMATIONWARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To enable the translation of the client source address in server publishing: Obtain and install ISA Server 2000 Service Pack 1.For additional information about how to obtain the latest ISA Server service pack, click the article number below to view the article in the Microsoft Knowledge Base: 313139 How to Obtain the latest Internet Security and Acceleration Server 2000 Service Pack Edit the registry: Start Registry Editor (Regedt32.exe), and then locate and click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fwsrv\Parameters On the Edit menu, click Add Value, and then add the following registry value: Value name: UseISAAddressInPublishing Data type: REG_DWORD Radix: Binary Value data: 1 Quit Registry Editor. Restart the Firewall service from the Services tool in Control Panel. In typical server publishing with ISA Server, incoming packets are received by the Firewall service and the destination address is changed in the new request that is sent to the internal server. The original destination address was the ISA server's external IP address, and the new destination address is the IP address of the internal published server. However, this new packet that was sent from the ISA Server computer to the internal server still has the original source address of the external client where the packet originated. This requires that the internal server have a default route to the Internet through ISA Server for reply packets to be returned back to the source (after being appropriately translated by ISA Server on the way out). Some large corporate networks do not have default routes out to the Internet, and in those environments, this can be a problem. A feature has been introduced in ISA Server 2000 Service Pack 1 allows you to set a registry value that causes ISA Server to also replace the source address of these incoming requests so that the packets that are sent to the internal server have the source address of the ISA Server computer. This allows the normal IP routing configuration in these large networks to route these packets back to the ISA Server computer which can then NAT these packets back to the original external host where the request originated. Note: This feature works only if the published protocol does not require an application filter (there were no secondary connections in the protocol) and for publishing FTP and RPC servers (only FTP and RPC application filters have this support). Last Reviewed: 1/18/2003 Keywords: kbhowto kbISAServ2000sp1fix kbnetwork KB311777