Hi Tom, In my opinion this depends on your definition of a perimeter network. If you mean a perimeter network realized with three NICs on ISA you may be right. But if you have a "normal" ISA installation which maybe is surrounded by another firewall (e.g. paket filter) then you are wrong. I thought on Etiennes post that he is in a latter situation and therefore needs to know which ports exactly has to be opened in the packet filter to log on to a w2k domain. This is described in the link to the KB article I sent yesterday. Greets Christian -----Ursprüngliche Nachricht----- Von: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Gesendet: Freitag, 23. Mai 2003 08:37 An: [ISAserver.org Discussion List] Betreff: [isalist] RE: ISA in DMZ with authentication by Domain (with DC i n internal network) http://www.ISAserver.org Hi Christian, I think you sent the wrong link. You meant to send this one: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329807 <http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329807> HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx] Sent: Thursday, May 22, 2003 6:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA in DMZ with authentication by Domain (with DC i n internal network) http://www.ISAserver.org hi... http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP <http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP&NoWebCont ent=1> &NoWebContent=1 Greets Christian -----Ursprüngliche Nachricht----- Von: Etienne Goetynck [mailto:Etienne.Goetynck@xxxxxxx] Gesendet: Donnerstag, 22. Mai 2003 13:20 An: [ISAserver.org Discussion List] Betreff: [isalist] ISA in DMZ with authentication by Domain (with DC in internal network) http://www.ISAserver.org Hi everybody, I have a ISA Server (on W2K srv SP3, stand alone server) in DMZ (not as FW, just Web Publishing). I would like that ISA Server be able to authenticate users of my domain, but DC's ( W2K SRV SP3 ) are in the internal network. Is it possible ? If yes, I suppose that I must open some protocols on the Firewall...but, which ones. Some help or idea's for me ? Thank you in advance. Etienne ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: christian.schramm@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: christian.schramm@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')