RE: PIX 515e and ISA 2000 (I know, I know)

Now this:
"http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry" is more
like it, I haven't seen it before and it looks like it's required reading. I have
already done much of the same troubleshooting with nslookup etc. The
isapix stuff I've seen before. I will have a look at the netscreen stuff.

Thanks
> Hi CDX,
> 
> Check out:
> 
> http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry
> 
> And
> http://www.isaserver.org/tutorials/2004isapixdmz.html
> 
> And
> http://www.isaserver.org/pages/search.asp?query=netscreen
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> > -----Original Message-----
> > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]
> > Sent: Wednesday, March 08, 2006 9:07 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> >
> > http://www.ISAserver.org
> >
> > That's the annoying thing. Neither of them say anything is wrong. The OS
> > logs including DNS have no errors. ISA logs have no errors. When things
> > like this happen my boss gets angry with me and says "but there must be a
> > reason" and all I can say to him is yes, but since I have nothing in the
> > logs and nothing has changed (as far as I know) what can I say.
> >
> > Anyway to be honest, going back to my original question, I just wanted to
> > know people's experiences on the board. How do you combine the excellent
> > SMTP filtering, OWA publishing etc features of ISA with PIX raw power and
> > stability. I would like to use the PIX as the Internet firewall. I will
> > turn off message guard and maybe a few others if necessary. I would like
> > to use the PIX VPN and still use WinXP clients to connect to it (I have
> > already tested this). I want for example to do exchange over HTTP but for
> > that I either need to upgrade to 2004 or remove ISA and just open the
> > relevant ports on PIX. Can I do this with ISA 2000 in place for example.
> >
> > I am no longer in troubleshooting mode. I just want a solution that is
> > "stable" even if it means a little more complication on the way. The
> > easiest solution would be to remove ISA completely and it is tempting but
> > I do know the advantages of ISA.
> > > What do the logs say??  Both ISA and event.
> > >
> > > -----Original Message-----
> > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]
> > > Sent: Wednesday, March 08, 2006 10:44 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > >
> > > http://www.ISAserver.org
> > >
> > > Ok here goes
> > > Steve: in answer to your question. I have nothing else installed on my
> > > ISA box. I've been configuring ISA for 3 years now. I bought both of Tom's
> > > books so I have some idea of what I am doing.
> > >
> > > Tom: You surprise me. I know you are busy so I will forgive you for
> > > completely missing the point. I don't have the PIX installed yet. Just
> > > ISA.
> > >
> > > Alex: Me too. I think that maybe they are so used to being bashed over
> > > the head with the software firewall thing that it's just a conditioned
> > > reaction triggered by certain keywords eg: PIX. I want to use ISA I just
> > > realise it has its own limitations. I'm sure 2004 overcomes many of them
> > > but in the end it's still on a PC running on a general purpose OS. So I
> > > wanted to combine the best of both.
> > >
> > > Ho hum
> > >
> > > > ... uh... what?
> > > >
> > > > I fail to see how a PIX is easier to use than ISA... and I also fail
> > > > to understand the whole point, in general. I fail at a lot of things
> > > > today. May I ask for enlightenment?
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: March 8, 2006 08:18
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Here's a core fact you can take to the dopes who think a hardware
> > > > firewall is more secure:
> > > >
> > > > Security is inversely proportional to ease of use and accessibility
> > > >
> > > > Therefore, if you can understand the PIX and make it access the
> > > > content your users want, you've proven the PIX is nothing but a
> > > > security illusion and you're doing your company a disservice if you
> > > > can't prove that I'm incorrect.
> > > >
> > > > BTW -- you have done *nothing* to demonstrate that the ISA firewall is
> > > > the problem here.  At this point, I have as much positive proof that
> > > > the pix server is the problem.
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://blogs.isaserver.org/shinder/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > > -----Original Message-----
> > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]
> > > > Sent: Wednesday, March 08, 2006 1:03 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Now I'm really tempted to just remove ISA completely (see below). I
> > > > currently have ISA running on win2k3 sp1. Should I downgrade to win2k?
> > > > It seemed to be a little more stable on that OS.
> > > >
> > > > Again this morning, for no reason DNS stopped responding. I restarted
> > > > the DNS service and nothing happened. I checked the ISP's DNS and
> > > > everything was fine. I rebooted ISA and everything came back. I'm quite
> > > > frankly fed up with this. I know 2004 is supposed to be more stable
> > > > but I can't justify the extra spend especially as most people still
> > > > think hardware firewall equals more secure and Microsoft Firewall
> > > > equals reboot (in the case of ISA 2000 I agree).
> > > >
> > > > > In that case, please proceed. :)
> > > > >
> > > > > Thomas W Shinder, M.D.
> > > > > Site: www.isaserver.org
> > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > Book: http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > >
> > > > > -----Original Message-----
> > > > > From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> > > > > Sent: Tuesday, March 07, 2006 8:31 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Well, unless I misread, he asked how to make ISA 2000 and PIX play
> > > > > nice, so it is not entirely irrelevant...
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > Sent: March 7, 2006 09:25
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > You're asking how to configure a dreaded PIX here?
> > > > >
> > > > > Thomas W Shinder, M.D.
> > > > > Site: www.isaserver.org
> > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > Book: http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > >
> > > > > -----Original Message-----
> > > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]
> > > > > Sent: Tuesday, March 07, 2006 8:11 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] PIX 515e and ISA 2000 (I know, I know)
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi all
> > > > >
> > > > > I didn't really get any answers to my ISA VPN question so I just gave up
> > > > > and I will install a PIX. For some reason the ISA VPN connects but I
> > > > > can't see the internal lan. I'm not sure if I need a static route on
> > > > > the ISA box or not. But to be honest this is the last straw. I've
> > > > > been using ISA for 3 years. Feature wise very good. Configuration very
> > > > > easy. Stability.......
> > > > > Anyway I would like to combine the advantages of the PIX (we already
> > > > > have sitting here doing nothing) i.e. hardware VPN, stability, speed
> > > > > and ISA 2000 exchange publishing, SMTP protection etc. I want to
> > > > > configure in the simple back to back configuration. Besides turning off
> > > > > Message Guard on the PIX how do I get OWA/OMA through the PIX? Any other
> > > > > gotchas I should know about.
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx

