Sounds like it's in hork mode anyhow, so it's not providing any real security, so I can't say that there are any security implications to this config.

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

________________________________
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young
Sent: Monday, June 25, 2007 10:53 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] External an Internal IP Address tied to same NIC

Guys,

Aside from the creepy factor, are there any major gotchas when you have a NIC that has both internal and external IP addresses on it?

Someone set up an ISA server that simply has a web publishing rule that allows connectivity to a back end box (HTTP/HTTPS); that's all it's being used for.

Unfortunately, the people here decided it made sense to specify an internal IP range on a NIC and then add an external VIP on it, too. So, we have essentially a NIC with internal IP addressing as 192.168.10.120/24/.1 and a VIP of 10.10.209.120/16.

It does, however, look like an additional access rule was set up that allows all networks to talk with the backend box.

So, the argument I get is that because this setup is working, what is wrong with the way it is set up.

This screams all wrong to me but I can't articulate why.

Any help?

Cordially yours,
Jerry G. Young II
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx>