Sure - with any Network INterface Card you have at least ONE Primary IP address, and you can also add additional IP addresses to the Interface as well, what I discovered was this, My original published MX server that was behind my Old Raptor Firewall had an IP address of 64.80.200.9, when I built my ISA server to replace the Rpator firewall, I assigned the External Interface the IP address of 64.80.200.250, then I moved my public MX server off of the DMZ of my Raptor Firewall and onto the DMZ of my new ISA server, keeping the same Published DNS IP address of my MX server which was 64.80.200.9, I simply added that IP address as a secondary address to the External interface of ISA, thinking everything was going to migrate smoothly, what I discovered was this, out bound mail was delivered but the return trip got lost, until I actually changed the Primary IP address of ISA from 64.80.200.250 to 64.80.200.9. Now here is where it gets interesting, I also run 4 Layer 2 VPN tunnels through my ISA server which connect other offices, well, of course this broke the Tunnels until I modified all the Packet filters and changed the Tunnel end point IP addresses in RRAS to match the new ISA public IP address of 64.80.200.9. Everything seems to be working, except now my Public DNS Server has a different address and the same Got Cha applies when I attempted to publish my DNS server on my ISA's DMZ. even though the I have the public IP address of my DNS server added as a secondary. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, October 30, 2003 7:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Interesting ISA Problem http://www.ISAserver.org Hi Glenn, Outbound mail will always leave through the default IP address. I'm not exactly sure what the problem is that you're trying to explain here. Can you get it another try? Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> _____ From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Thursday, October 30, 2003 3:36 PM To: [ISAserver.org Discussion List] Cc: jim@xxxxxxxxxxxx Subject: [isalist] Interesting ISA Problem Importance: High http://www.ISAserver.org Ok - I solved my publishing DNS issue, I decided to run DNS on my ISA server and have that serve as my SOA for all my public name spaces, but here is something I discovered, both with publishing my MX server and playing around with publishing DNS Servers. I have on my External NIC one primary IP address and several additional IP addresses for other services like web sites and FTP sites and so on, I discovered that no matter what services I pass through ISA it will not work unless I use the Primary IP address. Let me explain, My Public MX server was living behind my old firewall, in the process of migrating services over and replacing my OLD firewall with ISA, I moved the MX server behind my ISA server, I took the Public IP address for the MX server and added it as an additional IP address to the External Interface of ISA, then I published the MX server, I found that mail could be delivered but the return trip got lost, it was not until I changed the Primary IP address of the ISA server to the Original IP address the MX server was known as, did the mail come back to me. ? Same as the DNS issue I had, running DNS on my ISA server and having it listen on all interfaces one would think it would work even though the IP address of the SOA server is NOT the primary IP address of the ISA External Interface. I hope I was clear in my explanation. Any Takers on this one ?? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')