Jim, Thanks for the help. I'm afraid that we are still pretty lost! (We are software developers, not network engineers.) Anyway, I am going to explain our situation in some more detail. I realize this may be getting beyond the point where we can expect free assistance from this list. If so, I would probably be willing to pay someone to help us with this. Here goes: We have an ISA server with 4 NICs. One goes to the T-1 line and has an IP address of 66.64.10.xxx. Another goes to our internal network and has an IP address of 192.168.0.15. A third goes to another company downstairs (to split the cost of the T-1) and it has 192.168.1.1. The fourth was intended for use with the DMZ and currently doesn't have anything! We currently have access to the internet from both internal networks. That's working!! Our ISP gave us a set of 6 IP addresses from 66.64.11.249 to 66.64.11.254. (66.64.11.248/29) As a first step we would like to publish one web server to the internet. Are we going about this the right way? Should the web server be connected to the 4th NIC outlined above? Or should it just remain on our local network? And how do we set up other web (or Exchange or whatever) servers later? I suspect from what we have seen that we are going to have a bunch of other issues here. It's not at all clear to me how to set up ISA server once we get everything connected properly either! I'm not sure how we get the public IP addresses assigned to the correct servers through ISA Server. Any light that anyone can shed on this would be appreciated. Thanks. Guinn Unger -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, July 27, 2001 6:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: IP Addresses on DMZ http://www.ISAserver.org The IP assignment for the three-homed DMZ is a subset of the external IP range. For instance, if your ISA owns a 30-IP range of 123.123.123.33 - .62 with a mask of 255.255.255.224, you could assign IP's 33-47 to the external interface and assign IPs 49 to 62 with a mask of 255.255.255.240 to the DMZ and use 123.123.123.49 for the ISA DMZ NIC. 123.123.123.49 would become the default gateway for any DMZ-based server. The ISA settings would then look like: External - IP = 123.123.123.33 Mask = 255.255.255.224 DG = 123.123.123.xxx (router, or ISP-supplied) DNS = <empty> DMZ - IP = 123.123.123.49 Mask = 255.255.255.240 DG = <empty> DNS = <empty> Internal - IP = 192.168.0.1 Mask = 255.255.255.0 DG = <empty> DNS = <depends on your config> Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Guinn Unger" <mlists@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, July 27, 2001 11:20 AM Subject: [isalist] IP Addresses on DMZ http://www.ISAserver.org We are trying to set up a DMZ scenario with a web server. We have three NICs in the ISA server. One to the T1, one to the internal network, and one to the DMZ. My question concerns the IP addresses on the DMZ. I assume that one of the public IP addresses needs to be assigned to the NIC in the web server. But what IP address can be used on the NIC in the ISA machine that goes to the DMZ? Is there some additional information about this somewhere? Thanks. Guinn Unger Unger Technologies, Inc. Microsoft Certified Partner Compaq Solutions Alliance Partner geunger@xxxxxxxxxxxxx www.ungertech.com 281-367-2477 Hard work spotlights the character of people: some turn up their sleeves, some turn up their noses, and some don't turn up at all. - Sam Ewig ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mlists@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')