Hello I read with great interest your article on "ISA Server DMZ Scenario" and am attempting the first listed. I wonder if I am missing something regarding the routing. (FYI private NIC access is working perfectly). I have a public NIC with IP xx.xx.xx.130/28 (range 128-143, ISP router 129) I have DMZ NIC with IP xx.xx.xx.137/29 (range 136-143). Web server is xx.xx.xx.140 and I have created an allow packet filter for HTTP (port 80). Local computer is "this computer in perimiter = xx.xx.xx.140. Remote computer is any. But it doesnt work... Do I need to create any static routes on the ISA machine to ensure ISA public NIC routes the traffic it sees n xx.xx.xx.130 but which has addresses xx.xx.xx.137-142? Similarly do I need to create filters to allow the DMZ server to 'send' the responses? The article appears to indicate not, but perhaps I have misunderstood. Do I need to add any additional IP addresses on the public NIC (e.g. an IP address which is in the DMZ (for example adding xx.xx.xx.138 to the public address)? I have spoken already with some other people and they have concluded that they were unable to set up the DMZ in trihomed manner - but I can't believe that is so! I can't find articles relating to subnet/supernet on ISASERVER.ORG - perhaps that is what I require. Thank you in advance for any assistance you may be able to provide. Regards Clive Crocker CMC Communication Systems Ltd