----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, July 15, 2004 1:21 PM Subject: [SPAM] - [isalist] RE: ISA - Two NICs connected to one physical network - Email found in subject http://www.ISAserver.org Hi Jim, You are right, they are wrong. Tell 'em to read http://www.isaserver.org/articles/2004tales.html and then take notes on the babbling they do when they try to justify their positions. It'll make for some entertaining bedtime reading and I'd be glad to do an article on "The Psychology of Hardware Firewall Expenditures". The key factor is that they *can not* admit they are wrong, because then they would admit they can't justify the insane costs and low security the "hardware" firewalls provide. It they did, they may put their jobs at risk. HTH, Tom -----Original Message----- From: Jim [mailto:nre@xxxxxxxxxxx] Sent: Wednesday, July 14, 2004 1:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA - Two NICs connected to one physical network http://www.ISAserver.org I've recently inherited a network and am having trouble convincing some of the old timers that the design may be less than optimal. Scenario - ISA Server sandwiched between Router and hardware firewall. ISA Server currently configured for Web Proxy only. Router configured with two IP subnets on single ethernet interface; primary and secondary. ISA NICs configured with IPs matching the primary and secondary subnets of routers interface. Both ISA Server NICs plugged into the same physical LAN connection (switch with no VLAN segmentation). Granted there is a hardware firewall in front of the ISA Server and Router but it seems to make more sense to have physical LAN separation between the two ISA NIC interfaces instead of only logical IP separation. It seems to be working but, are there any valid arguments against this particular scenario? Or, is this a valid configuration for using the ISA Server for Web proxy services only? Any valid arguments one way or another will be appreciated. Thank you. Jim ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: joupin@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist