Hi Joseph, In the back to back DMZ, having all the machines running Win2003 provides you a lot of options. Front-end and back-end firewalls can be ISA 2004 firewalls, with the back-end firewall being a domain member. Your DMZ host can act an both an incoming and outgoing SMTP relay, and you can use it for your unihomed RPC proxy for incoming RPC over HTTP connections to the Exchange Server on the Internal network. If you want to even have more fun, put a third NIC in the front end ISA firewall and put the SMTP relay there. The third NIC would represent the anonymous access segment where you put your public servers, and the segment between the front end and back end ISA firewall represents the authenticated DMZ, so no anonymous access there. HTH, Tom -----Original Message----- From: josephk [mailto:josephk@xxxxxxxxx] Sent: Wednesday, July 07, 2004 6:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: multiple domain extension http://www.ISAserver.org Hi Thomas, What is a good configuration? I've been switching over to windows 2003 on my machines. I'm just not sure if I should change the EXT ISA box over to 2003 yet. It is setup With message screener forwarding out to dmz relay SMTP. I'll have another Windows 2003 machine setup later for doing the SMTP relay so that means for me EXT ISA(STILL W2K) >> DMZ - WEB/SMTP(windows 2003) - DNS(still w2k) >> internal ISA (windows 2003) >> Exchange 2003(windows 2003) - AD (windows 2003). When I get another copy of windows 2003, would it also be a good idea to change the EXT ISA machine over to 2003? What are some of the new benefits in a back to back with all primary servers being of the windows 2003 family? Because I would like to setup VPN and Mail so that clients can utilize their own copy of outlook. Plus, I'm thinking Of adding share point 3.0. And will add ISA 2004 when that is finally out. Thank you, Joseph -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, July 07, 2004 4:41 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: multiple domain extension http://www.ISAserver.org Hi Ryan, The ISA firewall won't deny relay unless its configured as an SMTP relay. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Ryan Sinclair [mailto:ryan@xxxxxxxxx] Sent: Wednesday, July 07, 2004 6:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] multiple domain extension Importance: Low http://www.ISAserver.org I've recently installed ISA server and published my exchange server through it , problem is I have 2 domain extensions (domain.com and domain.co.za) but the co.za mail does not get to the exchange server. I recive a relaying denied error, .com works fine. I was running a Linux firewall Before the change over and the .co.za domain worked. Any help would be appreciated. Ryan Sinclair ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist