Hi Tom, a very nice and informative article. Keep going on... I'v just one little remark about the item 'IP fragments'. You are very right to advice to enable filtering of IP fragments. But you probably remember also that this can break the use of certificates in VPNs, particularly the EAP-TLS authentication. Maybe adding a such a quick note is recommended ;-) BTW --- in the Minutes of the IPSEC wg Meeting, December 2001 IETF-52 Online Proceedings (http://www.ietf.org/proceedings/01dec/minutes/IPSEC.HTM) you can read that they are very aware of this problem. Hopefully, they can agree on a good solution about this issue. Regards, Stefaan -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: zondag 3 februari 2002 10:27 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Checklist http://www.ISAserver.org Hi Neil, Well, I finished it! I'll be up on www.isaserver.org/shinder next week. But until then, you can check it out at: http://www.tacteam.net/isaserverorg/isachecklist.htm HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Neil Thomas [mailto:neil.thomas@xxxxxxxxxxxxxxx] Sent: Friday, February 01, 2002 12:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Checklist http://www.ISAserver.org Hi Thomas.., I'll Look forward to seeing it. If you are willing to offer me a copy of the unfinished work I'm sure it would be very helpfull.. Thanks.., Neil. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')