Jim is right. Routers are designed to ignore traffic that they should not be seeing. Also, traffic generated on a network segment that is not in the network class as another machine will also be ignored. A box of 10.100.100.1 and a box on 192.168.100.1 will not talk even if they have a crossover cable plugged into them if TCP/IP is the only protocol stack running on it. Or you have a custom written TCP/IP stack, and with that case both us and an ISA server are of no help to you. And I'd be surprised that any of your equipment would be working at all. You might as well be running IPX/SPX with a translational bridge then. I'd suggest a basic networking book from Cisco as a good place to start.... Good luck with that.... Troy -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, January 03, 2005 9:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing Exchange through ISA on a complex network, http://www.ISAserver.org No application can get around basic TCP/IP routing. It's unrealistic of you to expect that. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] Sent: Monday, January 03, 2005 12:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing Exchange through ISA on a complex network, http://www.ISAserver.org Thank u, I will try that and most likely will keep the ISA on the same subnet. However technically there is a route between the exchange and the ISA that is on another subnet, and there should be a way (without adding a second NIC on the exchange) on the application level to ask the NIC to direct specific type of traffic to another IP as far as its reachable then it shouldn't be the application's business whether its on the same subnet or not, right? I can do that at layer 3 but I don't want to mess the routing tables, I thought the application will deal better with this and I realize it's not an ISA issue at this point. Its like the application will say take this packet to w.x.y.z; layer 3 will not find this w.x.y.z and will send it through its GW and keep going till it reaches a routing table where that IP is reachable without having to have that specific IP as a last resort. Its like the application doesn't trust that layer3 knows what its doing and will deliver the packet. Does this make sense or am I drinking a lot of caffeine lately? Thanx r. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Saturday, January 01, 2005 7:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing Exchange through ISA on a complex network, http://www.ISAserver.org Since you can't meet the requirement of making the ISA the default route for your server-published resources, you have to use alternate methods. You don't say want ISA version you're using, so... ISA 2000: http://support.microsoft.com/?id=311777 ISA 2004: - set the "Requests appear to come from the ISA server" in the "To" tab of the affected publishing rule Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] Sent: Saturday, January 01, 2005 12:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] Publishing Exchange through ISA on a complex network, http://www.ISAserver.org Hi, Is there a way to publish exchange through ISA if exchange is on a different subnet? I read Jim's article about designing ISA in a complex network http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a _Complex_Network.html but it doesn't work with me, I can't set a specific ISA to be the last resort for the whole network; each subnet has its requirements and I have more than one ISP, the exchange doesn't have an option where the user can say direct the SMTP traffic to this specific IP (but not the smart host), and of course I can't set the ISA as the GW of the exchange because its on a different subnet, what am I missing here? Another thing is I placed an ISA on the same subnet of the exchange temporarily, the following is the configuration: ISA: 2 NICs: 1- Internal 10.92.60.20 ; DMZ: 200.200.200.194 for example Exchange: 1 NIC: 1- 10.92.60.4 Untrust : 200.200.200.208 Exchange public IPs: 1- 200.200.200.195 2- 200.200.200.196 I have not tried this but I assume if I assign the exchange IPs as multiple IP addresses for the ISA DMZ interface and publish the exchange things will work fine, is this correct? Currently I had to publish the email through hardware firewalls. Thanks for any help r. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: romari@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx