RE: DHCP range in Isa Server

• From: "cismic" <cismic@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 13 Apr 2004 10:41:19 -0700

Hi,
Good points.
I've also been reading about how some limit ICMP to the site for both
inbound and outbound.
I limit my access. But, I'm starting to wonder if it would be a good idea to
allow
ICMP 3 & 4?

I only use the DHCP stuff for VPN anyway per Dr Tom's information.

Joseph

----- Original Message ----- 
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 10:30 AM
Subject: [isalist] RE: DHCP range in Isa Server


http://www.ISAserver.org

The age old pondering of security vs. usability..... Personally, I tip at a
60/40 balance to keep the scripters out, and cross my fingers against the
guys who actually know what they are doing.....  Let's face it, a guy with a
0-day exploit will own your security if he can, and all you can really do
about it is hide the soft chewy center of your network from them.  The
layered (al la Cisco SAFE) method gives you a bit of a buffer, as in two (or
more) exploits must be available against two (or more) different platforms
running two (or more) types of defense (hardware/software, OSS/closed, 3rd
party/in house setup).

BTW IANASG (I am not a security guy), I just clean up the messes after the
fact.

Troy Radtke
CCNP, A+, Network+, Server+
Technical Network Analyst


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, April 13, 2004 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DHCP range in Isa Server


http://www.ISAserver.org

There's also a point of diminishing returns when you have to manage multiple
disparate technologies to attain "security". Wearing six pairs of socks
makes your feet warmer, but it also makes it very hard to scratch them
without removing at least one
layer.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 09:36
Subject: [isalist] RE: DHCP range in Isa Server


http://www.ISAserver.org

I run DHCP at home on my ISA from my cable modem.  Yes, I run ISA at home...
=?P And if I knew more about PIX firewalls, there'd be one of them in front
of it.  Security through depth! =?)

Troy Radtke
CCNP, A+, Network+, Server+
Technical Network Analyst



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, April 13, 2004 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DHCP range in Isa Server


http://www.ISAserver.org

Not true.
While ISA certainly functions more reliably with static IPs, it will work
with DHCP-assigned addresses.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 05:06
Subject: [isalist] RE: DHCP range in Isa Server


http://www.ISAserver.org

Hey, your ISA cant have Ip address from DHCP. ISA server shuld have Static
IP only always.

-----Original Message-----
From: Mohammed Athif Khaleel
Sent: Tuesday, 13 April 2004 3:07 PM
To: '[ISAserver.org Discussion List]'
Subject: RE: [isalist] DHCP range in Isa Server


Hi Zaheer,
You can include any ip range, or the full scope you defined in DHCP but that
shuld be added to the LAT. Your external interface shuld not be added to the
LAT.

Good Luck,
Athif

-----Original Message-----
From: zaher [mailto:zaherer@xxxxxxxxxxx]
Sent: Tuesday, 13 April 2004 3:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] DHCP range in Isa Server


http://www.ISAserver.org

pls help me , i have a network in win 2000 server with DHCP server the scopt
that i use is from 192.168.0.100 up to 192.168.0.255, so the server IP is
192.168.0.100, when i want to install the ISA what the range Span should I
use from 192.168.0.1 up to 192.168.0.255 or from 192.168.0.100 up to
192.168.0.255, or ?????. also should i run enterprise ISA before indstall
it. appreciate you soon action

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mathif@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


  ----------------------------------------------------- 
 This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom/which they are
addressed. If you have received this email in error please notify the system
manager at the following email address: sadmin@xxxxxxxxxxxxxxx
<mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Al Faisaliah Group. Internet communications
cannot be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, arrive late or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
context of this message, which arise as a result of Internet transmission.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Al Faisaliah Group accepts no liability for any damage
caused by any virus transmitted by this email.
  ----------------------------------------------------- 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server
• » RE: DHCP range in Isa Server

1. Home
2. isalist
3. Archive
4. 04-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---