RE: ISA on a DC

Ha! I think you're first, but my electrons move faster :) 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 5:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Man I hate it when you beat me !! Getting used to it though! 

-----Original Message-----
From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 8:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

You shouldn't put ISA on your Domain Controller. You will become
nocturnal very quickly trying to get AD to work on a firewall..

Greg 

-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 6:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA on a DC

http://www.ISAserver.org

Hi IsaList,

I have the following config:

                                         ISP VPN INTERNET  <-----> SITE
1 (HOUSING) <----------------> SITE2

SITE 1:
        Domain Controller Windows 2003STD + Isa Server 2004 SP1

SITE 2: Internal LAN ( Other DC, Exchange, etc.... )

I need to publish Exchange 2003 services (OWA (Form-Based Auth), SMTP,
POP3, RPC-over-HTTP), and other web services (intranet, etc..).

There is any problem with the config? The Active directory can't
replicate.

In the firewall policy mode, I add the following protocols to an Rule
Action (Allow):

DNS
Kerberos-Adm (UDP)
Kerberos-Sec (TCP)
Kerberos-Sec (UDP)
LDAP
LDAP (UDP)
LDAP GC (Global Catalog)
NTP (UDP)
Ping
RPC Endpoint Mapper (TCP 135)
Direct Host (TCP 445)

I'm not sure I understand fully what it means and what we would need to
configure?
 
Thanks for your reply and help!


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: