RE: ISA on a DC

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Jun 2005 11:20:56 -0400

You really should have at least one DC on every segment of your network.
Then, if your link to the other site goes down, you will still be up and
running.

-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 09:23
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

OK,

But do you think it's better to add a domain controller on site 1 near
of Isa Server? I prefer to leave DC on Site 2 but I'm not sure if it's
necessary for this scenario move a DC to Site 1.

Thanks for your reply and help! 

-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Enviado el: martes, 21 de junio de 2005 14:00
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Cerebro,

EXACTLY! 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 6:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Tom,

Thanks a lot!!! For a moment, I believe amb I going insane!!!

Then, The ISA firewall on Site 1 can be a domain member working with
Domains Controllers on Site 2?


-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Enviado el: martes,
21 de junio de 2005 13:39
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Cerebro,

You caught a typo in my message. I meant to say that the ISA firewall on
the remote site network can be a *domain member*, NOT domain controller.

Sorry about that. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 6:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Tom,

Why do you say it? Sorry, but I don't understand......

In another mail you say:

http://www.ISAserver.org

Where have you read this?

I wrote a 1100 page book telling you that was NOT true.

I have 100+ articles on ISAserver.org and other places telling you this
was not true.

Don't listen to Cisco reps :)

If you have a site to site VPN, the ISA firewall at the remote site can
be a domain controller. I do that often and it works a treat. Even have
information on how to do it in the ISA/Exchange kit.

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Enviado el: martes,
21 de junio de 2005 12:00
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Do NOT make the ISA firewall part of your server consolidation plan --
don't put it on a DC. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 3:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA on a DC

http://www.ISAserver.org

Hi IsaList,

I have the following config:

                                         ISP VPN INTERNET  <-----> SITE
1 (HOUSING) <----------------> SITE2

SITE 1:
        Domain Controller Windows 2003STD + Isa Server 2004 SP1

SITE 2: Internal LAN ( Other DC, Exchange, etc.... )

I need to publish Exchange 2003 services (OWA (Form-Based Auth), SMTP,
POP3, RPC-over-HTTP), and other web services (intranet, etc..).

There is any problem with the config? The Active directory can't
replicate.

In the firewall policy mode, I add the following protocols to an Rule
Action (Allow):

DNS
Kerberos-Adm (UDP)
Kerberos-Sec (TCP)
Kerberos-Sec (UDP)
LDAP
LDAP (UDP)
LDAP GC (Global Catalog)
NTP (UDP)
Ping
RPC Endpoint Mapper (TCP 135)
Direct Host (TCP 445)

I'm not sure I understand fully what it means and what we would need to
configure?
 
Thanks for your reply and help!


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


Other related posts: