All, I'm trying to enable intradomain communcation between the perimeter and internal networks in my virtual environment. The basic topology of the environment looks like the following: Corporate Network (treating as ISA external) | .---------. | ISA | --- Perimeter Network (treating as ISA perimeter) '---------" | Internal Network (treating as ISA internal) The Corporate Network is the corporate internal network, which I am using to simulate the "Internet". I followed the documented procedures at the following link (thanks again, Tom!) to facilitate this communication. http://www.isaserver.org/tutorials/Configuring-Domain-Members-Back-to-Back-ISA-Firewall-DMZ-Part2.html # However, the server that I have in the perimeter network is not able to query the DC for DNS that I have in the internal network. Below are the log entries and by the look of it, this appears to be a network rule issue as opposed to a firewall rule issue. 10.3.0.40 - UDP - - - 8/22/2008 11:53:05 AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall 10.3.0.40 - UDP - - - 8/22/2008 11:53:07 AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall The Internal Network Element in ISA has the range 10.2.0.0 - 10.2.0.255defined. The Perimeter Network Element in ISA has the range 10.3.0.0 - 10.3.0.255 defined. The Network Rule is listed as rule 4, has a routing relationship between the source network Perimeter and the destination network Internal. Any thoughts on what I am missing? -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer