You'll never get ICMP through ISA to the internal network. For the rest of the protocols, you need: 1. Protocol definitions (of the "Server" variety) 2. Server publishing rules that use those protocol definitions 3. internal hosts that are secureNAT client running those services Check out www.isaserver.org for all the tutorials you'd ever want to read... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "william" <wmpalasota@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, April 11, 2002 1:03 PM Subject: [isalist] Incoming requests http://www.ISAserver.org I need to establish 3 rules for incoming requests one group 10.151.24.4 for development one group (two addresses) 10.152.1.21 and 10.152.1.5 for testing one group 32.85.58.41 and 42 for production I must allow ICMP, TELNET and the following TCP ports (incoming) 1433, 8065 8090, 1521, and 300 If you have already answered a similar question, please refer me to the FAQ and I apologize for contributing to the traffic. My firewall does its job just fine, no one can get in, my problem is I need to let the above in. William ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')