This really seems more like a loopback issue. Hardware firewalls usually don't have a problem with connecting internal clients on port-forwarded addresses via a loopback (I can do this on a $115 Linksys router). I was simply curious why ISA Server has this limitation.

I am currently using an internal DNS Server to publish the "internal" address of the servers, but there are some applications that we use that only use IP addresses, and hence it would be nicer to simply allow the loopback of a connection request from an Internal SecureNAT client instead of separate configs for the external and internal connections.

It seems that Microsoft has broken this type of standard firewall feature unnecessarily...

----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Saturday, December 15, 2001 11:26 AM
Subject: [isalist] Re: Why can't internal clients access a published TCP server?

http://www.ISAserver.org

The problem is that you're asking ISA to do something it knows is unnecessary; something I like to call "isotropic IP bounce". What's the point of sending a packet from the living room, through the mudroom and out the front door to reach a kitchen that was only a few steps away?

Proper internal name resolution, LDT and LAT configuration and you don't need this kind of "functionality". Here's an article that'll help you 'round the bend, as it were...
http://support.microsoft.com/support/kb/articles/Q288/3/96.ASP

ISA doesn't do anything out of the ordinary where the rules of routing and TCP/IP are concerned and will complain loudly when it's asked to.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: Wendell W. Pinegar
To: [ISAserver.org Discussion List]
Sent: Saturday, December 15, 2001 02:44
Subject: [isalist] Why can't internal clients access a published TCP server?

We've configured ISA Server with several published TCP ports to internal servers. Connections to the published TCP ports work perfectly fine when connecting from clients on the Internet, but if I attempt to connect to the IP address and TCP port # of the published server from inside the network the connection always fails.

What gives? Does ISA Server have a problem connecting internal users to published TCP ports on its external interface? (Of course I can connect the internal users to the internal address of the TCP server and all goes well, but due to several reasons I would prefer to connect them to the published IP address on the Internet).

Anyone have a clue what's wrong?

Thanks!
Wendell W. Pinegar