http://www.ISAserver.org ------------------------------------------------------- Consider the lily -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Saturday, 8 September 2007 5:37 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ASA 5500 in front of ISA 2006 http://www.ISAserver.org ------------------------------------------------------- But consider the context, OK? It's like someone coming into a police forum and saying: "I have a derringer at the front door (ASA) and I wonder how to use it with my Desert Eagle .50 (ISA Firewall) in my bedroom" What do you think the response is going to be? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Friday, September 07, 2007 2:06 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ASA 5500 in front of ISA 2006 http://www.ISAserver.org ------------------------------------------------------- That's why you can't communicate!!! ;) t > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Friday, September 07, 2007 10:55 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > Well, that was how I tried to respond, but I guess interpretation == > reality. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of Thor (Hammer of God) > Sent: Friday, September 07, 2007 10:43 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > That's not his point... his point is the "attitude" of the > conversation, > not the discussion of the perception of a "hardware firewall" vs a > "software firewall." And I have to say, his points are valid as stated > IMO. > > I don't think my loyalty to ISA can be questioned, yet I've got a > Netgear FVX538 in front of everything here. Not because I think a > "hardware firewall" is "better," but because it works for my > environment, and allows me to do things I want a little differently > than > what I could do otherwise, even though there are aspects of its > configuration that drive me crazy. > > You're absolutely right about the security of any device in any given > configuration, but we don't have conversations like that, do we? > t > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Friday, September 07, 2007 10:30 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > The response you get is based on having to deal with the "hardware is > > more secure", "DMZ is more secure" and "more layers is more secure" > > mentality that is espoused without regard to traffic profiles or any > > "real" security need or threat mitigation (such as you yourself > > described). > > > > The point of adding a CisPixJuniBluSquid device simply on the basis > of > > "that adds security" is false on the face of it. All devices or > > software solutions are equally prone to deployment and management > > fubars > > as the rest. > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > bounce@xxxxxxxxxxxxx] > > On Behalf Of Ray Dzek > > Sent: Friday, September 07, 2007 9:59 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > When I see posts like this, it just proves that you all have > > degenerated > > to the same level as the "ISA sucks" crowd. I would think that you > all > > would be tired of typing the same response whenever anybody asks > about > > configuring ISA in a multi-firewall environment. Maybe you all have > > just created a mail rule that auto generates the "How dare you > > integrate > > any other firewall with ISA. Nothing else is worthy. Get rid of the > > other firewall, it sucks." > > > > Everybody has the hardware and environment they have to deal with. > It > > is what it is. I have to deal with ISA, ASA, and Sonicwall. I like > > features and performance aspects of each. There are also plenty of > > things I can't stand about each. > > > > When I started with this list we had MS Proxy Server. It was a > > different attitude. You all have become grumpy, jaded, and yet more > > immature than ever in your old age. Congratulations... You are now > > just like any other hardware firewall e-mail list. > > > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > > Sent: Thursday, September 06, 2007 4:14 PM > > > To: ISA Mailing List > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Beat me to it... > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > bounce@xxxxxxxxxxxxx] > > > On Behalf Of Thomas W Shinder > > > Sent: Thursday, September 06, 2007 6:57 PM > > > To: ISA Mailing List > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > I was wondering what the ASA bug box was doing there too. Adding a > > > level > > > of complexity to help increase the risk of misconfiguration? > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > > Sent: Thursday, September 06, 2007 3:40 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > Make it easy for yourself. > > > > Lose the Cisco or sell it to some unsuspecting victim. > > > > Add another NIC to ISA and create a third-leg DMZ. > > > > This way, only ISA has access to the traffic between these > > networks. > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Robert Wolff > > > > Sent: Thursday, September 06, 2007 1:27 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] ASA 5500 in front of ISA 2006 > > > > > > > > All, > > > > > > > > > > > > > > > > Does anyone know any tricks or have any experience with > > > > configuration in > > > > the following scenario: > > > > > > > > > > > > > > > > Inet Router => Cisco ASA firewall => DMZ => ISA 2006 Firewall > > > > =>Internal > > > > network > > > > > > > > > > > > > > > > The current network layout is just a single ISA 2006 firewall. > I'm > > > > looking to create a new DMZ segment between the ISA and ASA for > > > future > > > > web, DNS, and email servers. > > > > > > > > > > > > > > > > Inet Router => ISA 2006 Firewall => Internal Network > > > > > > > > > > > > > > > > One of the last problems I have is getting OWA to work. I can > get > > > the > > > > initial login screen to appear, but after logon I get page cannot > > be > > > > displayed after several seconds of waiting. > > > > > > > > > > > > > > > > Thanks, > > > > > > > > -Bob- > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx