Hi All,

We have a Netscreen NS204 on the outside and an ISA 2004. The interfaces are as below, all in route mode. We have an ISA2 that we use for the guest network on ethernet2 interface.

set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "ISA2"
set interface "ethernet3" zone "Untrust"
set interface "ethernet4" zone "DMZ"
set interface "tunnel.1" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.1.1/28
set interface ethernet1 route
set interface ethernet2 ip 192.168.6.1/30
set interface ethernet2 route
set interface ethernet3 ip 192.168.0.1/28
set interface ethernet3 route
set interface ethernet4 ip 192.168.5.1/28
set interface ethernet4 route

The servers on the DMZ can be accessed externally without any problem and get to the Internet fine. However, we need the servers in the DMZ to access resources in the trusted network.

The Internal ISA has two cards, one for the internal IP and the external IP on the "Trust", ethernet 1. The hosts on the DMZ can ping all interfaces on the Netscreen except 192.168.1.2 which connects to the Trust. Therefore these hosts can't get to the Internal lan. I have created a test policy from DMZ to Trust, "ANY ANY" but nothing doing.

Any ideas to crack this?

Thanks,
Lumumba.
