Hi Carson, check out http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Com plex_Network.html HTH, Stefaan -----Original Message----- From: Carson Tu [mailto:ctu@xxxxxxxxxxxx] Sent: dinsdag 12 november 2002 18:33 To: [ISAserver.org Discussion List] Subject: [isalist] Publish Internal Terminal Server which is behind layer 3 switch http://www.ISAserver.org I don't mean to ask everybody back to previous discussion of TS publish. But my case is different. Because there is a layer 3 switch in this picture. I have ISA server connecting to public network and internally 192.168.2.x network. There is another internal subnet, 192.168.5.x, in which we have a win2K server with TS need to be publish into internet. The 2 internal subnet are connected by Exterme Summit48 switch with VLAN. We do add route to both the switch and our ISA server. Routing is working fine. I have successfully publish some server on 192.168.2.x subnet with alternative port. But when I do the same to the server on 5.x subnet, I cannot connect it through external network. The interesting thing is, if I eliminate the IP package filter on ISA by enable the "Allow ALL" rule. The publishing of 5.x subnet works! If I disable "allow all" rule, just have the default rule plus enable "allow TCP 33xx/both direction" rule, the TS publish doesn't work for 192.168.5.x subnet. But, it work for 192.168.2.x subnet. So, I believe, I must have to setup a new IP package filter for 5.x subnet TS publishing. Does anybody have idea about what kind of IP package filter I need to setup? This filter must not need for 2.x subnet, which is connecting to ISA internal NIC directly. How does the layer 3 switch make a different IP package? Thanks. Carson List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')