OK, that's a different kettle of colored horsefish... If you use the back-back DMZ, you get the benefit of web and server publishing for both the DMZ and the LAT. The only things you need to "double-publish" are those LAT servers that are meant to be reached from the Internet. The DMZ servers are published to the Internet, but "protocol-ruled" to the LAT. Does that help? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "cismic" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, January 10, 2002 21:45 Subject: [isalist] Re: URGENT, need DMZ help http://www.ISAserver.org Just theoretical. And also a question to see if it would be a good idea to have publishing rules against each ISA server. I don't think it's a good idea, but still had the question. Joseph -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, January 10, 2002 9:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: URGENT, need DMZ help http://www.ISAserver.org Hi Joseph, That drawing conflicts with the description we began this conversation with... You described this: Internet | ISA -- DMZ | LAT ..but you drew this: Internet | ISA | -- DMZ ISA | LAT ..those are two entirely different scenarios... Which one are we talking about, or is it comparatively theoretical? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "cismic" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, January 10, 2002 20:32 Subject: [isalist] Re: URGENT, need DMZ help http://www.ISAserver.org Would you also need to publish each server that contains the isa information for each server surrounding the dmz? Isa - dmz - isa Joseph -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, January 10, 2002 12:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: URGENT, need DMZ help http://www.ISAserver.org All traffic between the LAT and any other non-LAT network require server or web publishing rules or protocol rules. The only difference is for outbound PPTP, which uses a packet filter. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Magnus Werner" <magnus.werner@xxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, January 10, 2002 07:43 Subject: [isalist] URGENT, need DMZ help http://www.ISAserver.org This is a multi-part message in MIME format. ------------------------------------------------------------------------ ---- ---- Hi, I have ISA with 3 NICs... one external, one to DMZ and one to NAT. I simply want to allow ALL traffic between the DMZ and the NAT, how do I do that? Those packet filters do nothing when it comes to NAT. Need answers soon, please also reply by e-mail. Mvh Magnus W ------------------------------------------------------------------------ ---- ---- ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')