ISA doesn't filter traffic within the LAT. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "William Holmes" <wtholmes@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, July 16, 2002 8:13 PM Subject: [isalist] Security Between Internal Subnets/Interfaces http://www.ISAserver.org Hello, I have a Tri-Homed ISA Server. Interface #1 External [192.168.100.1] Interface #2 Internal [192.168.101.1] Interface #3 Internal [192.168.102.1] The addresses on Both Interface 2 & 3 have been added to the LAT. I have a Site & Content Rule that permits any request to All External Destinations. I also have a protocol rule that applies to All IP Traffic and Any Request. Next I Create a Destination Set that includes the network addresses from [192.168.101.1] through [192.168.101.254], and a Client Address Set that includes the addresses form [192.168.102.1] through [192.168.102.254]. Finally I created a site and content rule that denies all traffic originating on the client address set that is destined for the Destination set. Unfortunately all the traffic gets through anyway. Could someone point out what I am doing wrong? Thanks Bill ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')