Hi Joseph, Internal to External is typically NAT, since the internal clients are going to have private addresses. Remember, the default External Network includes all address that the ISA firewall doesn't have a definition for. For example, suppose you have a back to back ISA firewall config. The DMZ in front of the back-end ISA firewall is on network ID 10.10.10.0/24 and the Internal Network behind the back-end ISA firewall is 192.168.0.0/16. You can create a route relationship between the default Internal Network and the DMZ, and a NAT relationship between the default Internal Network and the default External Network. Communications sourcing from the default Internal Network behind the back-end ISA firewall to a host on the DMZ will be Routed, while communications from hosts on the default Internal Network behind the back-end ISA firewall to the Internet will be NAT'd. For any two Networks that the ISA firewall as a Network configured, it can create either a NAT or Route relationship. You can even publish servers when there is a Route relationship between the source and destination Networks. Check out my article on www.isaserver.org about publishing resources on a public address DMZ for more info on what to watch out for in this sceanrio. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: josephk [mailto:josephk@xxxxxxxxx] Sent: Wednesday, December 22, 2004 2:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: routing with isa 2004 http://www.ISAserver.org Hi Jim, You're saying that: Internal >>Route>> External External >>Nat>> Internal Or Internal >>Route>> External External >>Route>> Internal Thank you, Joseph -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, December 22, 2004 11:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: routing with isa 2004 http://www.ISAserver.org Yes, you can. Remember that ISA can't route packets between networks unless it's the default route for both sides of the conversation. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: James [mailto:jmay@xxxxxxxxxx] Sent: Wednesday, December 22, 2004 8:00 AM To: [ISAserver.org Discussion List] Subject: [isalist] routing with isa 2004 http://www.ISAserver.org Hi I'm running isa 2004 currently as a gateway to the internet with a few published servers. we just got a new canon copier with some other networkable goodies. My lan ip address = 172.16.16.0/24 I have a consultant on his own little workgroup running 192.168.1.0/24 can I add another nic to my isa 2004 server and rout packets from the 192.168.1.x network to the printer on the 172.16.16.x? also can the network 192.168.1.x access the internet through isa 2004 server? Thanks Jim ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx