Are you saying that with a NAT based DMZ, ISA will then do stateful packet?
Will it also then do stateful packet to a NAT based DMZ on a tri-homed?
But if what you are suggesting,
Internet
|
ISA1
|
DMZ using NAT
|
ISA2
Internal Network with NAT
Wouldn't that break a VPN between a node on the internet and ISA2?
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
La Habra, CA 90631
www.reliancesoft.com
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, October 30, 2002 2:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Stateful inspection
http://www.ISAserver.org
Hi John,
Just try it out. You'll see that you have to create explicit packet filters
to allow inbound access and outbound responses. The packet filtering
mechanism won't track the state of the connection. That's why we always try
to steer you away from using ISA Server as a packet filtering router. You
get the same packet filtering capabilities as you get with the Win2k RRAS
filters.
The POWER is in the private address DMZ. You can create a private address
DMZ in a back to back setup, or you can leverage several methods to create a
LAT-based DMZ segment.
HTH,
Tom
-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx]
Sent: Wednesday, October 30, 2002 4:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Stateful inspection
No.
That's why packet filters and trihomed DMZ (including public address DMZs)
suck. :-)
Tom, are you serious?
ISA does not do stateful packet in the DMZ?
:-(
Do the other vendors?
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
701 S. Euclid
La Habra, CA 91631
562-694-4800, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
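The difference discussed in this thread, between static packet filters that need an explicit filter for outbound responses and a filter that tracks connection state, can be seen in a small simulation. This is an added example, not part of the original messages and not ISA Server or RRAS code; it is a simplified model that ignores TCP flags and timeouts, and the addresses, ports and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample: a DMZ mail server and Internet hosts (documentation addresses).
Packet = namedtuple("Packet", "direction src sport dst dport")
DMZ_SMTP = "192.0.2.25"

# Static filters: one for inbound access, one for the outbound responses.
INBOUND_ONLY = [("in", None, None, DMZ_SMTP, 25)]
WITH_RESPONSES = INBOUND_ONLY + [("out", DMZ_SMTP, 25, None, None)]

def matches(rule, pkt):
    """A rule field of None is a wildcard; every other field must be equal."""
    return all(r is None or r == p for r, p in zip(rule, pkt))

def stateless(filters, packets):
    """Judge each packet on its own against the static filter list."""
    return [any(matches(f, p) for f in filters) for p in packets]

def stateful(filters, packets):
    """Filters admit only new inbound connections; replies must match tracked state."""
    table, verdicts = set(), []
    for p in packets:
        if p.direction == "in" and any(matches(f, p) for f in filters):
            table.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append(True)
        else:
            # Allowed only as the reverse of a connection already in the table.
            reverse = (p.dst, p.dport, p.src, p.sport)
            verdicts.append(p.direction == "out" and reverse in table)
    return verdicts

TRAFFIC = [
    Packet("in", "198.51.100.7", 40000, DMZ_SMTP, 25),   # client opens an SMTP session
    Packet("out", DMZ_SMTP, 25, "198.51.100.7", 40000),  # server's response
    Packet("out", DMZ_SMTP, 25, "203.0.113.9", 50000),   # no matching inbound connection
]

def compare():
    return {
        "stateless, inbound filter only": stateless(INBOUND_ONLY, TRAFFIC),
        "stateless, both filters": stateless(WITH_RESPONSES, TRAFFIC),
        "stateful, inbound rule only": stateful(INBOUND_ONLY, TRAFFIC),
    }

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name}: {verdicts}")
```

With only the inbound filter the static model drops the server's response; adding the response filter lets it through but also passes the third packet, which belongs to no connection, while the state-tracking model allows the response and drops the third packet with a single inbound rule.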