Hi Guys, I have some requirements and have some network designs for them. I need your comments and suggestions. My LAN comprises of , 1 cisco 2501 router,3 Cisco switches (24 port) and one set of class C IP addresses. Public Web servers, mail servers, SQL servers and users. one PDC and 2 BDC's Currently all the Switches are connected to the Router and all computers are assigned public IP's Requirements. To control the internet access of the local users and to have better security. Some internal users need public IP address. The design 1) ISA server in a DMZ senario. Internet | Router | Switch (Public IP users) | ISA Server -- Switch -- DMZ (public servers) | Switch (Local users (secureNAT)) | LAT 2) Slightly different DMZ Internet | Router | ISA Server -- Switch -- DMZ (public servers and users) | Switch+Switch (Local users (secureNAT)) | LAT 3) Normal ISA Internet | Router | Switch (Public IP users and Public servers) | ISA Server | Switch+Switch (Local users (secureNAT)) | LAT 4) Restric using the Router Without seperating the local user and the public ip servers in different switches, force the local users to go through the ISA server by access lists in the router. (router will permit traffic only from the ISA server and from the other public servers) I might have a problem in all these 3 senarios, when authenticating local and public IP users in the Domain, using the same Domain controller. But for this i think i can have 2 NIC's in the PDC and have both local and public IP's assigned. So guys,,,its a long story and i need the help you guys. any completely different designs are also welcomed. Thanks for your time shivi