Re: [SPAM] - RE: ISA - Two NICs connected to one physical network - Email found in subject

  • From: "Joupin TAM" <joupin@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 15 Jul 2004 13:40:42 +0430

----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, July 15, 2004 1:21 PM
Subject: [SPAM] - [isalist] RE: ISA - Two NICs connected to one physical
network - Email found in subject


http://www.ISAserver.org

Hi Jim,

You are right, they are wrong.

Tell 'em to read http://www.isaserver.org/articles/2004tales.html and
then take notes on the babbling they do when they try to justify their
positions. It'll make for some entertaining bedtime reading and I'd be
glad to do an article on "The Psychology of Hardware Firewall
Expenditures". The key factor is that they *can not* admit they are
wrong, because then they would admit they can't justify the insane costs
and low security the "hardware" firewalls provide. It they did, they may
put their jobs at risk.

HTH,
Tom

-----Original Message-----
From: Jim [mailto:nre@xxxxxxxxxxx]
Sent: Wednesday, July 14, 2004 1:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA - Two NICs connected to one physical network

http://www.ISAserver.org

I've recently inherited a network and am having trouble convincing some
of the old timers that the design may be less than optimal.

Scenario -
ISA Server sandwiched between Router and hardware firewall.
ISA Server currently configured for Web Proxy only.
Router configured with two IP subnets on single ethernet interface;
primary and secondary.
ISA NICs configured with IPs matching the primary and secondary subnets
of routers interface.
Both ISA Server NICs plugged into the same physical LAN connection
(switch with no VLAN segmentation).

Granted there is a hardware firewall in front of the ISA Server and
Router but it seems to make more sense to have physical LAN separation
between the two ISA NIC interfaces instead of only logical IP
separation.

It seems to be working but, are there any valid arguments against this
particular scenario?
Or, is this a valid configuration for using the ISA Server for Web proxy
services only?

Any valid arguments one way or another will be appreciated.

Thank you.
Jim

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
joupin@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

Other related posts:

  • » Re: [SPAM] - RE: ISA - Two NICs connected to one physical network - Email found in subject
  1. Home
  2. isalist
  3. Archive
  4. 07-2004