There are lots of DMZ options for ISA. Check out the DMZ articles at www.isaserver.org for some details and ideas. For instance, with ISA and RRAS / IPSec, there's no reason your DMZ has to be external to ISA. Since ISA has more application-layer smarts than most firewalls, you can actually move away from the "tiered" DMZ model and create one more to your business and security liking. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Mike Scott" <mscott@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, December 15, 2003 12:33 Subject: [isalist] ISA Multi-Homed Requirement? http://www.ISAserver.org We are in the process of implementing an ISA server primarily to secure our Exchange traffic better than it is. We currently have our Exchange Server on our DMZ with entries in our Cisco PIX firewall to allow the inside network to see it and access it. We are being told that the only way to configure ISA for what we want would be to multi-home our ISA Server. Is that correct and if so, are there any security risks we are opening ourselves up to by having this configuration? I'm in an office that is becoming more and more paranoid regarding our security setup and they've been told over and over that multi-homing is bad...Any light you could shed would be great. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')