Hi Joseph, The DNS comment was just sort of a "oh, by the way", in that if you have servers on the DMZ that need to resolve either DMZ host names or published servers on the internal network, you can put that DNS server on the internal network and publish it. That's how I usually handle things when doing the split DNS thing. Outbound VPN access should not require the same setup, as you can use the PPTP passthrough feature to access external VPN servers. IIRC, the double NAT doesn't cause too much of a problem ;-) HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Tuesday, March 04, 2003 1:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Questions Sensitivity: Confidential http://www.ISAserver.org Hi Thomas, I've been re-reading the VPN in a back to back setting and have a question about the following statement and how it applies to DNS. http://www.isaserver.org/tutorials/Configuring_VPN_Access_in_a_Back_to_B ack_ ISA_Server_Environment.html "One other thing you might want to do is configure a DNS server publishing rule on the internal ISA Server, if you wish the DMZ hosts to use a DNS server on your internal network. This is not required by the back to back ISA Server VPN configuration, but it's something you should think about." I'm not sure if you meant that it is a good thing to publish the DNS server on the internal network or not and just looking for clarification on that issue. Also, would this be the same setup to VPN out through the back to back setup? From my internal network through the internal firewall through the dmz and out through the external vpn? Thank you, Joseph "I am only one, but I am one. I cannot do everything, but I can do something. And because I cannot do everything, I will not refuse to do the something that I can do. What I can do, I should do. And what I should do, by the grace of God, I will do." - Edward Everett Hale ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')