Microsoft KB Archive/838362

= Address translation rules and policy rules in a multi-networked environment in ISA Server 2004 =

Article ID: 838362

Article Last Modified on 12/4/2007


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition






INTRODUCTION
ISA Server 2004 uses a multi-networking model to control the way that traffic flows between networks that are internal to your organization and the way that traffic flows between internal and external networks. You create network rules to specify whether networks are allowed to connect and to define the relationship between them.

A Network Address Translation (NAT) relationship is usually configured for communication between trusted and untrusted networks. It helps to protect the IP address of the source of a network request by replacing that address with the IP address of the adapter on the ISA Server computer that is connected to the destination network. A NAT relationship is unidirectional. For example, if you create a NAT relationship from the internal network to the perimeter network, traffic that is returned from the perimeter network to the internal network is not translated.

A route relationship is used when more transparent communication between networks is acceptable and when IP addresses can be exposed. A route relationship is bidirectional. Therefore, defining a route relationship between the internal network and a perimeter network implicitly defines the same relationship from the perimeter network to the internal network.
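The direction semantics of the NAT and route relationships described above, as an added example that is not part of the original article or of ISA Server itself. It is a small Python model in which the network names, address ranges, adapter addresses and the function `source_seen_by_destination` are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    name: str
    cidr: str        # address range of the network (constructed sample value)
    adapter_ip: str  # ISA Server adapter attached to this network (constructed)

@dataclass(frozen=True)
class NetworkRule:
    source: str
    destination: str
    relationship: str  # "NAT" (unidirectional) or "Route" (bidirectional)

# Constructed sample topology: three networks behind one ISA Server computer.
NETWORKS = [
    Network("Internal", "10.0.0.0/24", "10.0.0.1"),
    Network("Perimeter", "172.16.0.0/24", "172.16.0.1"),
    Network("Branch", "10.0.1.0/24", "10.0.1.1"),
]
RULES = [
    NetworkRule("Internal", "Perimeter", "NAT"),
    NetworkRule("Internal", "Branch", "Route"),
]

def network_of(ip):
    """Map an IP address to the network whose range contains it."""
    addr = ipaddress.ip_address(ip)
    for net in NETWORKS:
        if addr in ipaddress.ip_network(net.cidr):
            return net
    raise ValueError(f"{ip} is not in any defined network")

def source_seen_by_destination(src_ip, dst_ip):
    """Return (relationship, source address that the destination host sees)."""
    src, dst = network_of(src_ip), network_of(dst_ip)
    for rule in RULES:
        forward = (rule.source, rule.destination) == (src.name, dst.name)
        reverse = (rule.destination, rule.source) == (src.name, dst.name)
        if rule.relationship == "NAT" and forward:
            return "NAT", dst.adapter_ip    # source replaced by the ISA adapter
        if rule.relationship == "NAT" and reverse:
            return "NAT (reverse)", src_ip  # not translated in this direction
        if rule.relationship == "Route" and (forward or reverse):
            return "Route", src_ip          # addresses exposed in both directions
    return None, None                       # no network rule: not connected
```

The model covers only address translation. Whether a given flow is actually permitted is decided separately by access rules and publishing rules.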

Besides network rules, you create access rules to determine how clients on a source network can access resources on a destination network and to determine how such traffic is filtered and inspected.

Publishing rules usually specify how clients from external networks can access internal resources. When you configure internal client access to resources that are located on a different internal network, you may use access rules. Alternatively, you may sometimes use server publishing rules.

