Hi Joseph, Good stuff! I'm a bit confused about why you couldn't NAT between the DMZ between the front-end and the back-end, because it shouldn't be a problem to publish the DNS server back there. You publish it first on the front-end ISA firewall and then publish it again on the back-end. What kind of errors where you seeing? Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: josephk [mailto:josephk@xxxxxxxxx] Sent: Tuesday, November 16, 2004 4:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Inter Domain Communications http://www.ISAserver.org Hi Thomas, 666 has been plaguing my network already! So, I decided to rebuild every machine. Plus, I have 2 lines now. 1 DSL and 1 cable. I've kept them separate so that I Could test out vpn and other setups. With my DSL qwest sent me a new actiontec modem 740wg. There was some very strange setup Stuff that I had to figure out to get this talking with ISA 2004. I also bought a block Of 8 ip addresses. Would you like me to document steps that I had to do with getting this working with a new Modem type? I'm also amazed that I have my own primary dns server running in the DMZ zone behind the back end ISA. NAT would not work. I found this out when you do nslookup on my stuff. So, I had to ROUTE from front end ISA to Back end ISA. I'm going to list all my rules. Very basic but solid at this point so, we can start getting Some best practice stuff done for back to back with isa 2004 firewalls. I'm getting ready to put up my perimeter zone with authenticated exchange and site server stuff. I'm looking forward to that! Being offline for 2 weeks was the pits. Good thing I still had connections to at least surf the web looking for ideas. Thank you, Joseph -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, November 16, 2004 2:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Inter Domain Communications http://www.ISAserver.org Hi Joseph, If its just the port number, it doesn't matter. You can use 666 if you want :) Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: josephk [mailto:josephk@xxxxxxxxx] Sent: Tuesday, November 16, 2004 4:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Inter Domain Communications http://www.ISAserver.org Hi All, I think that I'm finally getting a handle on my network! But, I do have a couple of questions that I hope can get answered on this list. From the following articles which is the best practices method of using the ADLong/DirRep? I'm just wondering why the difference in setup. Thank you, Joseph http://www.isaserver.org/articles/2004perimeterdomain.html *ADLogon/DirRep: Primary Connection: 50000 TCP Outbound (requires RPC key set on the back-end Exchange Server) Perform the following steps on each of the domain controllers in your domain to change the RPC replication port to 50000: 1. Click Start and click Run. In the Open text box enter Regedit and click OK. 2. Go to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\ 3. Click the Edit menu and point to New. Click DWORD Value. 4. Rename the entry from New Value #1 to TCP/IP Port, then double click the entry. 5. In the Edit DWORD Value dialog box, select the Decimal option. Enter 50000 in the Value data text box. Click OK. 6. Restart the domain controller. http://www.isaserver.org/articles/2004dmzfebe.html ADLogon/DirRep: Primary Connection: 1600 TCP Outbound (requires RPC key set on the back-end Exchange Server) ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx