At an Exchange deployment, we have 2 ISA servers Enterprise Ed. (Windows 2003 SP1) setup in the DMZ. Windows NLB has been configured to route traffic between the two hosts. The IP address of the NLB Cluster Server (Virtual Node ? 192.168.0.3) has been NATted to the public IP (202.101.101.101). The certificate has been installed and the web site has been registered for OWA publishing. Communication from Internal client will be configured to go out to the Internet and hit ISA instead of accessing the Front-end servers directly. We tried the following scenarios: (1) Client in the same subnet (192.168.0.*) as the ISA server: these clients were able to connect to the website https://owa.corp.com/exchange. This seems to imply that ISA is correctly routing HTTPS packets between Front-end servers and the clients. (2) External/Internal clients: Page takes a long time to load and gives error ?Could not find host or DNS error?. We have verified that the web site has already been registered at the ISP. NLB refuses to work in Unicast mode (clients get a ?Could not find host or DNS error?). After setting to Multi-cast mode clients are able to connect. A couple of questions regarding this: (1) Is Multicast mode (with single affinity) a supported configuration for NLB? I remember reading in communities that with Multicast mode, static ARP entries have to be added at some (Cisco) routers. Unicast mode, on the other hand, is supposed to work seamlessly with all routers. If this is the case, I cannot explain why the configuration is working in Multicast. (2) In Multicast mode, ISA servers are in a perpetual converging mode. Is this an expected behavior? We have 2 OWA servers in the corporate LAN also configured with NLB (Unicast with single affinity) but which are not facing any of these issues. The only difference between the two is that ISA is setup in the DMZ. Hosts in DMZ cannot ping each other even without NLB enabled.