>I configured a DMZ using private network address. Not good. DMZ by design needs to be public IP address. >The internal ISA server serves as the bridge between the DMZ and the internal corporate network. What do you mean by bridge? Router? Not as a firewall? The subnet for the "DMZ", is it in the LAT of the "1st" ISA? What are the TCP/IP settings on the "External interface" of the "Internal 2nd" ISA? What are the TCP/IP setting on the "Internal interface" of the "External 1st" ISA? Kind of sounds like a LAT/routing issue. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: Marco Castillo [mailto:mabcastillo@xxxxxxxxxxxxxxxx] Sent: Friday, October 11, 2002 12:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] Some help required!!! http://www.ISAserver.org Hello to all the ISA maillist!!! I have configured the following scenario: I have two ISA servers in the configuration back to back, let's name them the internal and the external ISA Servers. I configured a DMZ using private network address. The subnet of the DMZ is 192.168.9.0 mask 255.255.255.0. The internal ISA server serves as the bridge between the DMZ and the internal corporate network. The subnet used in the internal corporate network is 192.168.10.0 mask 255.255.255.0. The addresses of the internal ISA Server are 192.168.9.34 for the DMZ subnet and 192.168.10.34 for the internal corporate network subnet. I have installed a SMTP server in the DMZ subnet, the address for this server is 192.168.9.10. Here is my problem: I need that the internal corporate network users access the SMTP server located in the DMZ. For this use, I configured a protocol rule allowing my internal users to connect to a SMTP service through the internal ISA Server, but this doesn't work. I'm unable to made a telnet session to the port 25 (SMTP port) in the SMTP server (192.168.9.10), I'm actually receiving the error: "Session disconnected from the host", and the same happen when I'm trying to connect using a SMTP client program like Outlook. The funny thing is that http works great, without any problem. I try some other protocols, like telnet and they don't seem to work in the DMZ. In few words, the protocols rules aren't functioning in the DMZ subnet. Does anybody has an idea of the problem???, I'm configuring all the internal corporate clients as SecureNAT clients, maybe I have to upgrade to firewall clients??? Any help would be apreciated!!! Thank you in advance Ing. Marco Antonio Castillo Chief Design Engineer Van Der Kaaden IT Consulting Guatemala, Guatemala C.A. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')