[isalist] Re: ASA 5500 in front of ISA 2006

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 8 Sep 2007 07:08:53 +1000

http://www.ISAserver.org
-------------------------------------------------------
  
Consider the lily



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Saturday, 8 September 2007 5:37 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ASA 5500 in front of ISA 2006

http://www.ISAserver.org
-------------------------------------------------------
  
But consider the context, OK?

It's like someone coming into a police forum and saying:

"I have a derringer at the front door (ASA) and I wonder how to use it
with my Desert Eagle .50 (ISA Firewall) in my bedroom"

What do you think the response is going to be?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Friday, September 07, 2007 2:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ASA 5500 in front of ISA 2006

http://www.ISAserver.org
-------------------------------------------------------
  
That's why you can't communicate!!! ;)

t

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Friday, September 07, 2007 10:55 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Well, that was how I tried to respond, but I guess interpretation ==
> reality.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Friday, September 07, 2007 10:43 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> That's not his point... his point is the "attitude" of the
> conversation,
> not the discussion of the perception of a "hardware firewall" vs a
> "software firewall."  And I have to say, his points are valid as
stated
> IMO.
> 
> I don't think my loyalty to ISA can be questioned, yet I've got a
> Netgear FVX538 in front of everything here.  Not because I think a
> "hardware firewall" is "better," but because it works for my
> environment, and allows me to do things I want a little differently
> than
> what I could do otherwise, even though there are aspects of its
> configuration that drive me crazy.
> 
> You're absolutely right about the security of any device in any given
> configuration, but we don't have conversations like that, do we?
> t
> 
> 
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Friday, September 07, 2007 10:30 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > The response you get is based on having to deal with the "hardware
is
> > more secure", "DMZ is more secure" and "more layers is more secure"
> > mentality that is espoused without regard to traffic profiles or any
> > "real" security need or threat mitigation (such as you yourself
> > described).
> >
> > The point of adding a CisPixJuniBluSquid device simply on the basis
> of
> > "that adds security" is false on the face of it.  All devices or
> > software solutions are equally prone to deployment and management
> > fubars
> > as the rest.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > bounce@xxxxxxxxxxxxx]
> > On Behalf Of Ray Dzek
> > Sent: Friday, September 07, 2007 9:59 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > When I see posts like this, it just proves that you all have
> > degenerated
> > to the same level as the "ISA sucks" crowd.  I would think that you
> all
> > would be tired of typing the same response whenever anybody asks
> about
> > configuring ISA in a multi-firewall environment.  Maybe you all have
> > just created a mail rule that auto generates the "How dare you
> > integrate
> > any other firewall with ISA.  Nothing else is worthy.  Get rid of
the
> > other firewall, it sucks."
> >
> > Everybody has the hardware and environment they have to deal with.
> It
> > is what it is.  I have to deal with ISA, ASA, and Sonicwall.  I like
> > features and performance aspects of each.  There are also plenty of
> > things I can't stand about each.
> >
> > When I started with this list we had MS Proxy Server.  It was a
> > different attitude.  You all have become grumpy, jaded, and yet more
> > immature than ever in your old age.  Congratulations...  You are now
> > just like any other hardware firewall e-mail list.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > Sent: Thursday, September 06, 2007 4:14 PM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > Beat me to it...
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Thursday, September 06, 2007 6:57 PM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > I was wondering what the ASA bug box was doing there too. Adding a
> > > level
> > > of complexity to help increase the risk of misconfiguration?
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: Thursday, September 06, 2007 3:40 PM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> > > >
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > >
> > > > Make it easy for yourself.
> > > > Lose the Cisco or sell it to some unsuspecting victim.
> > > > Add another NIC to ISA and create a third-leg DMZ.
> > > > This way, only ISA has access to the traffic between these
> > networks.
> > > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Robert Wolff
> > > > Sent: Thursday, September 06, 2007 1:27 PM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] ASA 5500 in front of ISA 2006
> > > >
> > > > All,
> > > >
> > > >
> > > >
> > > > Does anyone know any tricks or have any experience with
> > > > configuration in
> > > > the following scenario:
> > > >
> > > >
> > > >
> > > > Inet Router => Cisco ASA firewall => DMZ => ISA 2006 Firewall
> > > > =>Internal
> > > > network
> > > >
> > > >
> > > >
> > > > The current network layout is just a single ISA 2006 firewall.
> I'm
> > > > looking to create a new DMZ segment between the ISA and ASA for
> > > future
> > > > web, DNS, and email servers.
> > > >
> > > >
> > > >
> > > > Inet Router => ISA 2006 Firewall => Internal Network
> > > >
> > > >
> > > >
> > > > One of the last problems I have is getting OWA to work.  I can
> get
> > > the
> > > > initial login screen to appear, but after logon I get page
cannot
> > be
> > > > displayed after several seconds of waiting.
> > > >
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > -Bob-
> > > >
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: