Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks

Socket pooling is an IIS feature that makes IIS services listen on all interfaces, regardless of the IP address you configure the service to listen on. Socket pooling doesn't pose a problem for a unihomed server on the internal network. In fact, it improves IIS performance by letting all of the IP addresses on the server share the same set of sockets, which can significantly reduce the resources the services consume. Socket pooling becomes a problem when the server is connected to multiple networks and not all of those networks are trusted, because the service ends up listening on the untrusted interfaces as well. This is exactly the situation we usually have with a multihomed ISA server.
The following IIS and Exchange services implement socket pooling:
The IIS Web Publishing Service (W3SVC)
The IIS FTP Publishing Service (MSFTPSVC)
The IIS Simple Mail Transport Protocol (SMTP) Service (SMTPSVC)
The IIS Network News Transport Protocol (NNTP) Service (NNTPSVC)
The Exchange 2000 Post Office Protocol (POP3) Service (POP3SVC)
The Exchange 2000 Internet Mail Access Protocol 4 (IMAP4) Service (IMAP4SVC)
If you run any of these services on the ISA Server machine, you should always disable socket pooling for that service and configure it to listen only on the ISA server's internal interface. Alternatively, you can disable the IIS services on the ISA server altogether.
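The quickest way to see whether socket pooling is still in effect is to look at which local address each listener is bound to: a pooled service shows up as `0.0.0.0:<port>` (all interfaces) rather than `<internal IP>:<port>`. The following audit script is an added example, not code from the book; it parses the output of `netstat -an` on the ISA server for the six services listed above and flags any that are bound to the wildcard address or to an external interface. The netstat lines embedded below are constructed sample output, and the internal and external addresses (10.0.0.1 and 192.168.1.1) are assumed values for illustration.

```python
"""Audit Windows `netstat -an` output for IIS/Exchange services that are
bound to all interfaces (socket pooling) on a multihomed host such as an
ISA server. Added example; the sample data and addresses are constructed."""
from dataclasses import dataclass

# The services named in the text, keyed by their well-known TCP port.
SOCKET_POOLING_SERVICES = {
    80: "W3SVC (HTTP)",
    21: "MSFTPSVC (FTP)",
    25: "SMTPSVC (SMTP)",
    119: "NNTPSVC (NNTP)",
    110: "POP3SVC (POP3)",
    143: "IMAP4SVC (IMAP4)",
}

# Addresses netstat reports when a socket listens on every interface.
WILDCARD_ADDRESSES = {"0.0.0.0", "[::]"}


@dataclass(frozen=True)
class Finding:
    port: int
    service: str
    bound_to: str
    severity: str
    reason: str


def parse_listeners(netstat_output):
    """Return (local_ip, port) for every TCP socket in LISTENING state.

    Windows netstat rows look like:
      TCP    10.0.0.1:25    0.0.0.0:0    LISTENING
    UDP rows have no state column and are skipped by the field-count check.
    """
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")
        listeners.append((ip, int(port)))
    return listeners


def audit(netstat_output, internal_ips, external_ips):
    """Flag pooled-service listeners that are reachable from an untrusted
    interface. internal_ips/external_ips are the server's own addresses."""
    findings = []
    for ip, port in parse_listeners(netstat_output):
        service = SOCKET_POOLING_SERVICES.get(port)
        if service is None:
            continue  # not one of the services that implement socket pooling
        if ip in WILDCARD_ADDRESSES:
            findings.append(Finding(port, service, ip, "HIGH",
                            "wildcard bind: socket pooling still active, "
                            "service reachable on the external interface"))
        elif ip in external_ips:
            findings.append(Finding(port, service, ip, "HIGH",
                            "explicitly bound to an external interface"))
        elif ip not in internal_ips:
            findings.append(Finding(port, service, ip, "MEDIUM",
                            "bound to an address not in the trusted list"))
    return findings


# Constructed sample: HTTP still pooled, FTP bound to the external NIC,
# SMTP correctly bound to the internal NIC only.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.1:25            0.0.0.0:0              LISTENING
  TCP    192.168.1.1:21         0.0.0.0:0              LISTENING
  TCP    10.0.0.1:1025          10.0.0.50:4567         ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_NETSTAT, {"10.0.0.1"}, {"192.168.1.1"}):
        print(f"[{f.severity}] {f.service} on {f.bound_to}:{f.port} - {f.reason}")
```

Run it against real `netstat -an` output after you have disabled socket pooling and rebound the service to the internal address; a clean run reports nothing, while any remaining `0.0.0.0` entry for one of the six ports means the change has not taken effect (the service usually needs a restart).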
| ISA Server DEFCON1 | We recommend that you disable the IIS services on the ISA server. When properly configured, the ISA Server Firewall and Web Proxy services confer a high level... |