First; thanks again to all who provided input and ideas to help me with this issue. So here is the end of the story. Yesterday morning I configured a triple homed win2K server to sit between my network and the two firewalls. The configuration was, (or was going to be, more on that later). ISP1 - 209.75.x.x FW1 - 10.1.1.1 - interface1w2k 10.1.1.2 ISP2 - 64.160.x.x FW2 - 10.1.2.1 - interface2w2k 10.1.2.2 My network - interface3w2k 192.168.1.1 Why use Windows2K. Just because I've never done it before. It only needed to work for a week or two and since it was behind the firewalls the security of the configuration was not really an issue. I set this up as a test using three PC's configured as if they were FW1, FW2 and my network. So FW1 NATs from 209.75.x.x to 10.1.1.x and then win2K NATs from 10.1.1.x to 192.168.x.x. FW2 NATs from 64.160.x.x to 10.1.2.x and win2K NATs from 10.1.2.x to 192.168.x.x. Somewhat to my surprise, and after much tweeking, it seemed like it was going to work. Then, at 1:40 Tuesday afternoon, the T-1 circuit to ISP1 went down. After a quick FW2 reconfig and one wire change I got a connection back for people to browse the web. A call to my DNS provider and a change there restored mail and my public web server access shortly after that. Now I was left with only the access to the internal web server that is done by IP. Which was, of course, the primary problem that got me started on this issue in the first place. So I called in an outside company and burned a couple of grand sending people all over Southern California to redo shortcuts so people could get to my web site. So the goal of zero down time and no added expense went out the window. But the deal is done. At 8:45 the T-1 came back up and late tonight I may try my win2K solution just to see if it works. Thanks again for the help. David - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
