Hi John, Just try it out. You'll see that you have to create explicit packet filters to allow inbound access and outbound responses. The packet filtering mechanism won't track the state of the connection. That's why we always try to steer you away from using ISA Server as a packet filtering router. You get the same packet filtering capabilities as you get with the Win2k RRAS filters. The POWER is in the private address DMZ. You can create a private address DMZ in a back to back setup, or you can leverage several methods to create a LAT-based DMZ segment. HTH, Tom -----Original Message----- From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx] Sent: Wednesday, October 30, 2002 4:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Stateful inspection http://www.ISAserver.org No. That's why packet filters and trihomed DMZ (including public address DMZs), suck. :-) Tom, are you serious? ISA does not do stateful packet in the DMZ? :-( Do the other vendors? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer 701 S. Euclid La Habra, CA 91631 562-694-4800, ext. 104 jtolmachoff@xxxxxxxxxxxxxxxx www.reliancesoft.com <http://www.reliancesoft.com/> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')