RE: ISA Design Question: Best Practice
- From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 28 May 2003 08:29:54 -0400
You're right Shawn, I could use a segregated vlan (or a simple NAT?) and
use one of the extra public IP's and then layout the CAT where it would
be needed. The virus protection, I agree, would be thier problem. The
answer is adequate for a small business, but is it the same process for
a medium to large scale environments?
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) *
[mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Wednesday, May 28, 2003 8:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Design Question: Best Practice
If you have extra public IP's, create a segregated vlan that is
part of the subnet the outside of your firewall. 'Course they'd have to
provide their own virus protection, but that's not really your problem
since they wouldn't be on your network. From your point of view it'd be
no different than if they were at their office, unless you allow all
kinds of incoming traffic for that subnet.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: David V. Dellanno [mailto:ddellanno@xxxxxxxxxx]
Sent: Wednesday, May 28, 2003 6:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Design Question: Best Practice
http://www.ISAserver.org
http://www.ISAserver.org
Hi everyone,
What is the best way to provide only internet access
to your corporate guest or contractors in your small but highly-secure
single forest, single domain 20-50 user environment, with no manual
configurations needed by the local administrator and no extra cabling or
hardware?
Example; Your company will be inviting in 10 minutes,
five slimy sales guys that require to have internet access for their
presentation but you do not want them to be nosey and snooping around
your network.
Example; Your company has a development lab that
periodically will allow contractors to work in, but the contractors
brings in their own laptops to work on and they need to have internet
access to read their mail, again you don't want the contractors to have
access to your development visual source safe nor snooping around your
network but your chief developer is breathing down your neck to give the
contractors what they need in 30 minutes.''
I know this sounds a bit exaggerated but I wanted to
know if there is a way for the contractors or slimy sales guys dhcp
clients, to be separated virtually off the corporate network with no
interaction from the local administrator? Can ISA control this or is
this as simple as getting a VLAN switch?
_____
David V. Dellanno - MCSE, MCP+I, MCP
MSDEMO Consultants
Williams Place
2564 Bridgewood Lane
Snellville, Georgia 30078 USA
(770) 736-8794 (Office)
msdemo.net <http://msdemo.net/>
Confidentiality Notice:
This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message. ------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?typeuQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?typeuQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole
use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message.
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
Other related posts:
