RE: PIX 515e and ISA 2000 (I know, I know)[Scanned]
- From: "Rascher William" <wrascher@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Mar 2006 15:29:23 -0600
Is there another place I might be able to view;
http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry
I've been following this thread and I'm unable to view the potential
solution. The reason? I have blocked "spaces" since this is a k-12
district. I would view this at home but I've just finish (almost)
building a house and I've yet to setup my computers. No biggie, just
curious...
William
-----Original Message-----
From: cdx47 [mailto:extra_net@xxxxxxxxxxx]
Sent: Wednesday, March 08, 2006 09:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)[Scanned]
http://www.ISAserver.org
Now this:
"http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry"; is
more like it, I havent seen before and looks like its required readin. I
have already done much of the same troubleshooting with nslookup etc.
The isapix stuff Ive seen before. I will have a look at the netscreen
stuff.
Thanks
> Hi CDX,
>
> Check out:
>
> http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry
>
> And
> http://www.isaserver.org/tutorials/2004isapixdmz.html
>
> And
> http://www.isaserver.org/pages/search.asp?query=3Dnetscreen
>
> HTH,
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> =20
>
> > -----Original Message-----
> > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=20
> > Sent: Wednesday, March 08, 2006 9:07 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) =20
> >http://www.ISAserver.org =20 Thats the annoying thing. Neither of
> >them say anthing is wrong. The OS logs including DNS have no errors.
> >ISA logs have no errors.=20 When things like this happen my boss
> >gets angry with me and says "but=20 there must be a reason" and all
> >I can say to him is yes, but since I have=20 nothing in the logs
> >and nothing has changed (as far as I know) what can I say.
> >=20
> > Anyway to be honest, going back to my original question, I=20 just
> >wanted to know peoples experiences on the board. How do you combine
> >the=20 excellent SMTP filtering, OWA publishing etc features of ISA
> >with PIX=20 raw power and stability. I would like to use the PIX as
> >the Internet=20 firewall. I will turn off message guard and maybe a
> >few others if necessary. I=20 would like to use the PIX VPN and
> >still use WinXP clients to connect to it(I have already tested
> >this). I want for example to to exchange over=20 HTTP but for that
> >I either need to upgrade to 2004 or remove ISA and just open the
> >relevant ports on PIX. Can I do this with ISA 2000 in place=20 for
> >example.
> >=20
> > I am no longer in troubleshooting mode. I just want a solution that
> >is "stable" even if it means a little more complication on the way.
> >The easiest solution would be to remove ISA completely and it is=20
> >tempting but I do know the advantages of ISA.
> > > What do the logs say?? Both ISA and event.=3D20 =20
> > >-----Original Message-----
> > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D20
> > > Sent: Wednesday, March 08, 2006 10:44 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) =20
> > >http://www.ISAserver.org =20 Ok here goes
> > > Steve: in answer to your question. I have nothing else=20
> > installed on my
> > > ISA box. Ive been configuring ISA for 3 years now. I bought=20
> > both of Toms
> > > books so I have some idea of what I am doing.
> > >=20
> > > Tom: You surprise me. I know you are busy so I will forgive for
> > >completely missing the point. I dont have the PIX installed=20
> > yet. Just
> > > ISA.
> > >=20
> > > Alex: Me too. I think that maybe they are so used to being=20
> > bashed over
> > > the head with the software firewall thing that its just a=20
> > conditioned
> > > reaction triggered by certain keywords eg: PIX. I want to=20
> > use ISA I just
> > > realise it has its own limitations. Im sure 2004 overcomes=20
> > many of them
> > > but in the end its still on a PC running on a general=20
> > purpose OS. So I
> > > wanted to combine the best of both.
> > >=20
> > > Ho hum
> > >=20
> > > > ... uh.. .what?
> > > >=3D20
> > > > I fail to see how a PIX is easier to use than ISA... and=20
> > I also fail=3D20
> > > > to =3D3D understand the whole point, in general. I fail at=20
> > a lot of =3D
> > > things
> > >=20
> > > > today. =3D3D May I ask for enlightenment?
> > > >=3D20
> > > > -----Message d'origine-----
> > > > De=3D3DA0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=3D3D20
> > > > Envoy=3D3DE9=3D3DA0: 8 mars 2006 08:18
> > > > =3D3DC0=3D3DA0: [ISAserver.org Discussion List]
> > > > Objet=3D3DA0: [isalist] RE: PIX 515e and ISA 2000 (I know, I
> > > >know) =3D20 http://www.ISAserver.org =3D20 Here's a core fact
> > > >you can take to the dopes who think a=20
> > hardware=3D20
> > > > firewall is more secure:
> > > >=3D20
> > > > Security is inversely proportional to ease of use and
> > > >accessbility =3D20 Therefore, if you can understand the PIX and
> > > >make it access =
> the=3D20
> > > > content your users want, you've proven the PIX is nothing but =
> a=3D20
> > > > security illusion and you're doing your company a=20
> > disservice if you=3D20
> > > > can't prove that I'm incorrect.
> > > >=3D20
> > > > BTW -- you have done *nothing* to demonstate that the ISA=20
> > firewall is=3D20
> > > > the problem here. At this point, I have as much positive=20
> > proof that=3D20
> > > > the pix server is the problem.=3D3D20 =3D20 =3D20 Thomas W
> > > >Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://blogs.isaserver.org/shinder/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >=3D20
> > > >=3D20
> > > > -----Original Message-----
> > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D3D20
> > > > Sent: Wednesday, March 08, 2006 1:03 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> > > >=3D20 http://www.ISAserver.org =3D20 Now Im really tempted to
> > > >just remove ISA completely (see=20
> > below). I=3D20
> > > > currently have ISA running on win2k3 sp1. Should I=20
> > downgrade to win2k?
> > > > It
> > > > seemed to be a little more stable on that OS.
> > > >=3D20
> > > > Again this morning, for no reason DNS stopped responding.=20
> > I restarted=3D20
> > > > the DNS service and nothing happened. I checked the ISPs=20
> > DNS and=3D20
> > > > everything was fine. I rebooted ISA and everything came=20
> > back. Im quite
> > >=20
> > > > frankly fed up with this. I know 2004 is supposed to be=20
> > more stable=3D20
> > > > but I cant justify the extra spend especially as most=20
> > people still=3D20
> > > > think hardware firewall equals more secure and Microsoft=20
> > Firewall=3D20
> > > > equals reboot (in the case of ISA 2000 I agree).
> > > >=3D20
> > > > > In that case, please proceed. :)=3D3D3D20 =3D3D20 =3D3D20 =
> Thomas W =3D
> > > Shinder,=3D20
> > > > >M.D.
> > > > > Site: www.isaserver.org
> > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls =3D3D20
> > > > >=3D3D20 -----Original Message-----
> > > > > From: Alexandre Gauthier=20
> > [mailto:gauthiera@xxxxxxxxxxxxxxxxx]=3D3D3D20
> > > > > Sent: Tuesday, March 07, 2006 8:31 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I=20
> > know) =3D3D20 =3D
> > >=20
> > > > >http://www.ISAserver.org =3D3D20 Well, unless I misread,=20
> > he asked how =3D
> > > to
> > >=20
> > > > >make ISA 2000 and and PIX play
> > > > =3D3D3D
> > > > > nice, so it is not entirely irrelevant...
> > > > >=3D3D20
> > > > > -----Message d'origine-----
> > > > > De=3D3D3DA0: Thomas W Shinder =
> [mailto:tshinder@xxxxxxxxxxx]=3D3D3D20
> > > > > Envoy=3D3D3DE9=3D3D3DA0: 7 mars 2006 09:25
> > > > > =3D3D3DC0=3D3D3DA0: [ISAserver.org Discussion List]
> > > > > Objet=3D3D3DA0: [isalist] RE: PIX 515e and ISA 2000 (I=20
> > know, I know) =3D
> > > =3D3D20
> > >=20
> > > > >http://www.ISAserver.org =3D3D20 You're asking how to=20
> > configure a=3D20
> > > > >dreaded PIX here?=3D3D3D20 =3D3D20 =3D3D20 Thomas W Shinder, =
> M.D.
> > > > > Site: www.isaserver.org
> > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls =3D3D20
> > > > >=3D3D20 -----Original Message-----
> > > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D3D3D20
> > > > > Sent: Tuesday, March 07, 2006 8:11 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] PIX 515e and ISA 2000 (I know, I=20
> > know) =3D3D20 =3D20
> > > > >http://www.ISAserver.org =3D3D20 Hi all =3D3D20 I didnt=20
> > really get any=3D20
> > > > >answers to my ISA VPN question so I just gave
> > > > up
> > > > > and I will install a PIX. For some reason the ISA VPN=20
> > connects but I
> > >=20
> > > > > cant see the internal lan. Im not sure if I need a=20
> > static route on=3D20
> > > > > the ISA box or not. But to be honest this is the last=20
> > straw. Ive=3D20
> > > > > been using ISA
> > > > for
> > > > > 3
> > > > > years. Feature wise very good. Configuration very easy.
> > > > Stability.......
> > > > > Anyway I would like to combine the advantages of the=20
> > PIX (we already
> > >=20
> > > > > have sitting here doing nothing) i.e. hardware VPN,=20
> > stability, speed
> > >=20
> > > > > and
> > > > ISA
> > > > > 2000 exchange publishing , SMTP protection etc. I want=20
> > to configure=3D20
> > > > > in the simple back to back configuration. Besides turning =
> off=3D20
> > > > > Message Guard
> > > > on
> > > > > the PIX how do I get OWA/OMA through the PIX? Any other=20
> > gotyas' I
> > > > should
> > > > > know about.
> > > > >=3D3D20
> > > > > ------------------------------------------------------
> > > > > List Archives:=3D20
> > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > ISA Server Newsletter:=20
> > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: =3D3D
> > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other
sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org=20
> > Discussion List
> > > as:
> > > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit =3D3D3D
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D3D20 =3D3D20
> > > > >=3D3D20
> > > > > ------------------------------------------------------
> > > > > List Archives:=3D20
> > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > ISA Server Newsletter:=20
> > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: =3D3D
> > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other
sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org=20
> > Discussion List
> > > as:
> > > > =3D3D3D
> > > > > gauthiera@xxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit =3D3D3D
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D3D20 =3D3D20
> > > > > ------------------------------------------------------
> > > > > List Archives:=3D20
> > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > ISA Server Newsletter:=20
> > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: =3D3D
> > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other
sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org=20
> > Discussion List
> > > as:
> > > > =3D3D3D
> > > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit =3D3D3D
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >=3D20
> > > > ------------------------------------------------------
> > > > List Archives:=20
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > > ISA Server Newsletter:=20
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: =3D
> > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org=20
> > Discussion List as:
> > > > tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit =3D3D
> > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D20 =3D20 =3D20
> > > > ------------------------------------------------------
> > > > List Archives:=20
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > > ISA Server Newsletter:=20
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: =3D
> > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org=20
> > Discussion List as:
> > >=20
> > > > =3D3D gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit
> > > > =3D3D=3D20
> > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >=20
> > > ------------------------------------------------------
> > > List Archives: =
> http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:=20
> > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org=20
> > Discussion List as:
> > > isalist@xxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
> >http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion=20
> >List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit=20
> >http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx =20 =20
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wrascher@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
