Why does the router internal IP need to remain as it is? ISA will not function as a firewall in this configuration. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Patrick Schmid" <patrick@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, June 07, 2002 4:57 AM Subject: [isalist] internal and external interface on same network segment http://www.ISAserver.org Hi, our network address segments are mandated by an outside organization. They have also control over the router which links us with their network. We would like to put an ISA server between their router and our network. Changing the IP addresses in our internal network is not an option. The configuration should look similar to this: LAN - 10.191.84.0/22 | | 10.191.84.31 (internal interface), IP can be changed, but has to be in same segment 2 ISA Servers with NLB on internal interface -- 192.168.0.3 DMZ | | 10.191.84.40 Cisco Router All traffic should be routed to the DMZ, if the target is not in 10.x.x.x. SMTP traffic is coming in via the Cisco router. Currently SMTP is sent to 10.191.84.38. My configuration approach would be: external interfaces to DMZ: 192.168.0.1 and 192.168.0.2 external interfaces to router: 10.191.84.38 with SMTP Message Screener. Other ISA server with any IP in 10.191.84.0/22. Is there any way to use NLB on this interface too? Is this configuration possible? How would I go about this in the ISA configuration? Thanks. Patrick Schmid ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')