You can operate ISA behind other firewalls; just make sure that ISA understands how to use them to reach the Internet (routing rules, etc.). As far as IP assignment, just make sure that the internal and external interfaces don't share the same subnet. Much frustration to be had if you do.

You don't need AD just to host DNS. By the same token, AD doesn't work without DNS. On the third hand, AD on an ISA is a very weak security model.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Souko souko" <ssouko@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 19, 2001 06:15
Subject: [isalist] ISA Server DMZ Scenarios,DNS for ISA Server

http://www.ISAserver.org

Hi,

Really good work on Isaserver.org, Congrats.

I was reading your articles because I'm facing exactly the same scenario. I've got a Firewall 1 already installed in a Three Homed configuration with real IP's for the DMZ servers (WEB...). I need to go to back to back with real IP's (don't want to lose the granted IP's) with ISA as the internal firewall. I'm going to publish the internal SQL so that the IIS in the DMZ can see it.

Do you see any problems having ISA -> DMZ -> FW 1? I'm thinking of giving the existing internal IP of FW1 to ISA so I won't need to reconfigure the internal clients. Is there something to fear ;-) or look out for?

Finally (please excuse me if this is a newbie question): there aren't any internal DNS servers. DNS is external. Can ISA perform any DNS caching? Is it preferable - possible to have ISA configured as a PDC in its own domain to resolve DNS?

P.S. Thanks to all for the replies on my previous post. I've got my sleep after all, so because I keep my word, if anybody visits Greece I'm buying the Beers!

Thanks in advance.