http://www.ISAserver.org ------------------------------------------------------- > The network segment between the NAT device's internal interface and the > external interface of the ISA Firewall would be an anonymous access DMZ, > so that untrusted WLAN clients can be placed there. You could even put > trusted hosts there, and configure an ISA Firewall Network for that > network segment and create a route relationship to extend the domain > into that segment, if you like. So, in other words, yes it does work but you have to take extra steps to make it work and you have to have knowledge of routing subnets. OK, so I take back what I said about it not working and replace that with "It works but requires extra steps and if you do not get all the steps right it will not work." > There are lots of options, but I generally put WAPs behind the ISA > Firewall, and never on the Internet gateway -- that's strickly SOHO, Kim > Komando/Leo Laporte simpletonism ;) Excellent analogy and why I would much rather tell some one it does not work you should do it this way the correct way. I mean, how much does an extra NIC for the ISA server and a Wireless access point to connect to it to make a un-trusted DMZ off the ISA itself really cost? For the security it brings, not much! And yes, I cringe every time I hear Leo say "Your ISP's router is already doing NAT which is a firewall so you should be fine." John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx