I'm using the firewall client on all of my client machines and we also use ISP provided POP3 from the internet. Everything works like a charm. My opinion, which may be different than the list, is not to have all clients secure nat to the ISA. All of my clients have a default gateway set to my cisco router. If you have more than one physical location that is tied into your network, making the clients secure nat to the ISA is BS and will cause headaches. If you do this then you're left with using the ISA as a router for intra office communication. My philosphy is this, clients behind the inside (south) nic in the ISA should have the FW client installed or their web browsers manually pointed to the IS,. and their default gateways pointed to a cisco router. Servers that are published through the ISA should only be your only secure nat clients, especially in in a DMZ setting. -----Original Message----- From: cth@xxxxxxxxxxx [mailto:cth@xxxxxxxxxxx] Sent: Wednesday, December 18, 2002 11:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RES: POP3 & SMTP Is it really preferable to make all internal clients SecureNAT instead of using the firewall client? It would seem that a Windows 2000 box would be a greater point of failure than a Cisco router. Ours has been down twice now. Once as they fan went bad on the Compaq DL 360 and once as the power went out on that UPS. In both cases the Exchange servers that we publish use the ISA server as SecureNAT and the entire company was shut off from mail. If the ISA server is the def gateway then if it goes down not much will get done by ALL internal clients, right? Is this the list view of a best practice (all internal SecureNAT)? I am just curious as to the thinking. Chris -----Original Message----- From: Alex Decarli [mailto:alex@xxxxxxxxxxxxx] Sent: Wednesday, December 18, 2002 7:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] RES: POP3 & SMTP http://www.ISAserver.org First, if you use the firewall client to this purpose, uninstall it. All client machine should be SecureNAT Clients (Default gateway should be internal IP address of ISA Server) create a protocol rule called (for example) allow Outlook Express, select smtp and pop3 protocol and appy to IP addresses of these computers. Create a site and content rule with the destinations of mail servers.... Hope this Help, ALEX -----Mensagem original----- De: Alex S. Pereira [mailto:9047.alexsp@xxxxxxxxxxxxx] Enviada em: quarta-feira, 18 de dezembro de 2002 09:26 Para: [ISAserver.org Discussion List] Assunto: [isalist] POP3 & SMTP http://www.ISAserver.org Hi, I have just created a my first ISA Server, but I have a great problem, my clients access email via pop3/smtp using Outlook Express, the clients are behind my ISA Server and the mail server on Internet, I can access any WebSite but can not access the mail server, the client machine have Firewall Client installed. Anyone can help me ? Thanks, Alex List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cth@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')