*remembers to read all replies FIRST before assuming that ISA can things that a PIX can do* D'Oh! Troy Radtke -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, April 14, 2004 4:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Some question on ISA Server funtionality http://www.ISAserver.org Hi Radien, ISA NATs from LAT to non-LAT hosts. Routes from LAT to LAT hosts or non-LAT to non-LAT hosts. Packet filters control LAT to LAT and non-LAT to non-LAT communications. Protocol Rules control LAT to non-LAT communications. No granular control of IP address bindings with LAT. Access control via packet filters is like with Linux, just weak packet filtering without strong access control. Firewall Client enables strong user/group based authenticated outbound access and secondary connection management using a generic Winsock proxy. Far superior to primative packet filtering which is ignorant of application layer and authenticated access control. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: radien@xxxxxxxxx [mailto:radien@xxxxxxxxx] Sent: Wednesday, April 14, 2004 5:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] Some question on ISA Server funtionality http://www.ISAserver.org Dear All I'm a linux guy, and trying to underestand ISA Server 2000. I read ISA Server 2000's documentation. There are something that can't Understand. See, It's what I think about ISA server and I'm not sure about them, +Am I right about them: ------------------------------------------------------------------------ -------- It seems ISA Server NATs outgoing traffic by default. It seems ISA Server uses fire client software to detect RELATED packets (related to an application that has existing connection(s)) to for those protocols that do not have a defined application filter. ------------------------------------------------------------------------ -------- +And here my questions: ------------------------------------------------------------------------ -------- How to NAT to many (more than one) IP's? (Specific or mapping to a range) How about ordinary routing between different networks?? specially if you want put some access control or filtering on passing trough traffic. What is the order of processing "IP Packet Filter" rules, for a packet? ------------------------------------------------------------------------ -------- Thx in advance Regards __Radien__ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')