Bill, ISA is acting as expected. If the sending and receiving address are both in your LAT, then ISA does not filter the packets. Kevin -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Tuesday, July 16, 2002 9:13 PM To: [ISAserver.org Discussion List] Subject: [isalist] Security Between Internal Subnets/Interfaces http://www.ISAserver.org Hello, I have a Tri-Homed ISA Server. Interface #1 External [192.168.100.1] Interface #2 Internal [192.168.101.1] Interface #3 Internal [192.168.102.1] The addresses on Both Interface 2 & 3 have been added to the LAT. I have a Site & Content Rule that permits any request to All External Destinations. I also have a protocol rule that applies to All IP Traffic and Any Request. Next I Create a Destination Set that includes the network addresses from [192.168.101.1] through [192.168.101.254], and a Client Address Set that includes the addresses form [192.168.102.1] through [192.168.102.254]. Finally I created a site and content rule that denies all traffic originating on the client address set that is destined for the Destination set. Unfortunately all the traffic gets through anyway. Could someone point out what I am doing wrong? Thanks Bill ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kevin@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')