Shawn: Thanks you very much for your reply. I think it is helpful. I previously have 192.168.0.0-192.168.255.255 entry in my LAT. I think that cover 192.168.5.x subnet. Anyway, I add another entry for 5.x. Things seems wired right now. The publishing of TS from 5.x sometimes work. But it is not stable, sometime it doesn't work. Right now, I have "allow all" package filter disabled, and didn't add any new package filter rule. I have 5.x entry in LAT. TS publishing works in 90% of chance. But it fail 2 times. Once it fail, it will fail within 1-5 minites. Then it back to work without any reason. I delete the 5.x entry in LAT for testing. It is the same story, sometime works, sometime is doesn't. I am keep on trying. But didn't have a conclusion yet. I will keep tracking this problem and post the result if I have. Right now, it is working. If it doesn't fail within 1 day. I will say the publishing success. Thanks. Carson -----Original Message----- From: Quillman Shawn (RBNA/CIT7) [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Tuesday, November 12, 2002 12:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publish Internal Terminal Server which is behind la yer 3 switch http://www.ISAserver.org Do you have 192.168.5.x in your LAT? -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT7 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Carson Tu [mailto:ctu@xxxxxxxxxxxx] Sent: Tuesday, November 12, 2002 12:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] Publish Internal Terminal Server which is behind layer 3 switch http://www.ISAserver.org I don't mean to ask everybody back to previous discussion of TS publish. But my case is different. Because there is a layer 3 switch in this picture. I have ISA server connecting to public network and internally 192.168.2.x network. There is another internal subnet, 192.168.5.x, in which we have a win2K server with TS need to be publish into internet. The 2 internal subnet are connected by Exterme Summit48 switch with VLAN. We do add route to both the switch and our ISA server. Routing is working fine. I have successfully publish some server on 192.168.2.x subnet with alternative port. But when I do the same to the server on 5.x subnet, I cannot connect it through external network. The interesting thing is, if I eliminate the IP package filter on ISA by enable the "Allow ALL" rule. The publishing of 5.x subnet works! If I disable "allow all" rule, just have the default rule plus enable "allow TCP 33xx/both direction" rule, the TS publish doesn't work for 192.168.5.x subnet. But, it work for 192.168.2.x subnet. So, I believe, I must have to setup a new IP package filter for 5.x subnet TS publishing. Does anybody have idea about what kind of IP package filter I need to setup? This filter must not need for 2.x subnet, which is connecting to ISA internal NIC directly. How does the layer 3 switch make a different IP package? Thanks. Carson List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ctu@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')