Hi Marvin, You dun a bad ting. 1. Ditch the GW on the DMZ interface - it's non-functional. 2. Unless you plan to lose lots of hair, you've failed to meet the "public address" part of the DMZ network 3. The static route Tom refers to is at the router, not the ISA. ISA in effect becomes "another hop in the chain" between the ISP router and your DMZ. 4. Based on your IP setting, you don't have enough IPs to create a public DMZ. Your /29 address space only provides 6 usable addresses; not enough to subnet off for a DMZ. -----Original Message----- From: MarvinC [mailto:marvinc@xxxxxxxxx] Sent: Wednesday, June 22, 2005 9:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] Upstream router and DMZ configuration...confused~~!! http://www.ISAserver.org I've asked this question before but it was under different circumstances so I need to try again for further clarification. This may seem like a "dumb question" but it's one I have to ask so please accept my apologizes in advance if anyone's bothered by it. I have the Configuring ISA 2004 book and I'm reading an article in Chapter 7 entitled "Creating and configuring a public address tri-homed DMZ Network". I have on my ISA2K box three (3) network adapters with the following settings in the following order: Internal: IP: 10.0.0.x Subnet: 255.0.0.x GW: DNS: IP of internal DNS server. DMZ: IP: 172.16.0.x Subnet: 255.0.0.x GW: 172.16.0.1 DNS: 172.16.0.1 External: ISP Static IP IP: 70.148.240.122 Subnet: 255.255.255.248 GW: 70.148.122.121 There is mention in the book on creating static routes to the upstream router to ensure communication between the networks. I'm not sure what the upstream router is and need clarification. Is this a seperate unit functioning as a router or is this the ISA server? Where do I enter this command and is this the correct syntax for the command: router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0 192.168.1.20 Would anyone have any links or articles that cover static routes as they relate to ISA2K4? I'm also trying to determine if the external interface consititutes as a public address? ANY responses are greatly appreciated. ANY!!! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.