http://www.ISAserver.org ------------------------------------------------------- A true Lothario... Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > (Hammer of God) > Sent: Saturday, September 08, 2007 12:24 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > Having a "good woman" has nothing whatsoever to do with my kind and > gentle demeanor. I've always been a "people person" and > humanitarian at > heart, all on my own thank you. > > Now if you'll excuse me, I'm going to go draw her a bubble bath, pour > her a cup of tea, and play guitar for her while she soaks and > contemplates man's inhumanity to man. > > t > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Saturday, September 08, 2007 8:06 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > I have to disagree; if Bob hadn't come to this list for help and > > advice, > > we'd never have had the opportunity to wax tiresome about > our general > > dislike for the same prejudicial responses offered by much > of the ISA > > competition. > > > > Bob; you should be ashamed of yourself for expecting a professional > > response from such a group. > > Go ahead, Amy - add your "what; you never listen to me?!?" > in there - > > you have it coming. > > :-p > > > > I do agree with Tom on one point; Tim is ever so much nicer since a > > good > > woman took hold. > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > bounce@xxxxxxxxxxxxx] > > On Behalf Of Thomas W Shinder > > Sent: Saturday, September 08, 2007 7:56 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Greg, > > > > I think that misses the point. No one here advocates rip > and replace. > > We > > do advocate that you get an ISA Firewall and use it with > your existing > > one if you want, but I've never recommended rip and replace anyless > > you're talking about a Blue Coat, but that's another story :) > > > > The points here, and the ones that got lost were: > > > > * There was an ISA Firewall already in place > > * An ASA was brought it > > * Bob asked how to make the ASA work with the ISA Firewall > > * We asked why would they need a dreaded ASA when they > already had an > > imminently secure firewall > > * We found out that a defintiely ignorant and potentially corrupt > > auditor told them to buy unnessessary hardware > > * We ragged on the ignorant and potentially corrupt auditor > and called > > the boss a moron (or something similar) > > * Ray thought we were taking a rip and replace attitude because he > > missed the the part about the ignorant and potentially > corrupt auditor > > and focused on our unwillingness to help > > * We forgot about our job to help our colleages because we > got lost in > > the ignorance and corruption out there regarding competitors to the > ISA > > Firewall > > > > So, I think everyone here screwed up a bit, except for Bob, who was > > just > > looking for a little help :) > > > > IMHO, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland > > > Sent: Friday, September 07, 2007 4:09 PM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > I agree with Ray and also Thor. Whilst my loyalty is there I > > > am currently > > > and have been in the past involved in networks that have a > > significant > > > investment in other firewall/vpn devices. The simple reality > > > is that it's > > > just not possible to pull up stumps and re-deploy the whole > > > front edge of > > > the network without considerable planning, testing and work. > > > Ray is not > > > necessarily a new kid on the block (NKOTB) around here so I > > > think we should > > > cut him some slack. Allot of people who pop up here are at > > > times asking our > > > advice on how they could utilise ISA in the current setup. I > > > think that > > > shows a smart approach and we are almost preaching to the > > > converted there. > > > We should be happy and proud that people who come from the > > > "other side of > > > the tracks" as It were are able to find a place for ISA in > > > their network. I > > > know people who have expressed to me that they really like > > > the 2006 version > > > of product and if they had their time over would use it in > > > more extensively, > > > but in global organisations that process doesn't happen or > > > change overnight. > > > > > > Jim I'm not sure you intended it the way it came out or way people > > > interpretted so I don't need to poke you in the side but this > > > was a general > > > statement. > > > > > > Greg > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On > > > Behalf Of Thor (Hammer of God) > > > Sent: Saturday, 8 September 2007 3:43 AM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > That's not his point... his point is the "attitude" of the > > > conversation, > > > not the discussion of the perception of a "hardware firewall" vs a > > > "software firewall." And I have to say, his points are valid > > > as stated > > > IMO. > > > > > > I don't think my loyalty to ISA can be questioned, yet I've got a > > > Netgear FVX538 in front of everything here. Not because I think a > > > "hardware firewall" is "better," but because it works for my > > > environment, and allows me to do things I want a little > > > differently than > > > what I could do otherwise, even though there are aspects of its > > > configuration that drive me crazy. > > > > > > You're absolutely right about the security of any device in any > given > > > configuration, but we don't have conversations like that, do we? > > > t > > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > > Sent: Friday, September 07, 2007 10:30 AM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > The response you get is based on having to deal with the > > > "hardware is > > > > more secure", "DMZ is more secure" and "more layers is more > secure" > > > > mentality that is espoused without regard to traffic profiles or > > any > > > > "real" security need or threat mitigation (such as you yourself > > > > described). > > > > > > > > The point of adding a CisPixJuniBluSquid device simply on > > > the basis of > > > > "that adds security" is false on the face of it. All devices or > > > > software solutions are equally prone to deployment and > management > > > > fubars > > > > as the rest. > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Ray Dzek > > > > Sent: Friday, September 07, 2007 9:59 AM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > When I see posts like this, it just proves that you all have > > > > degenerated > > > > to the same level as the "ISA sucks" crowd. I would think that > you > > > all > > > > would be tired of typing the same response whenever anybody > > > asks about > > > > configuring ISA in a multi-firewall environment. Maybe you all > > have > > > > just created a mail rule that auto generates the "How dare you > > > > integrate > > > > any other firewall with ISA. Nothing else is worthy. Get > > > rid of the > > > > other firewall, it sucks." > > > > > > > > Everybody has the hardware and environment they have to > > > deal with. It > > > > is what it is. I have to deal with ISA, ASA, and Sonicwall. I > > like > > > > features and performance aspects of each. There are also plenty > of > > > > things I can't stand about each. > > > > > > > > When I started with this list we had MS Proxy Server. It was a > > > > different attitude. You all have become grumpy, jaded, and yet > > more > > > > immature than ever in your old age. Congratulations... You are > > now > > > > just like any other hardware firewall e-mail list. > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > > > > Sent: Thursday, September 06, 2007 4:14 PM > > > > > To: ISA Mailing List > > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > > > http://www.ISAserver.org > > > > > ------------------------------------------------------- > > > > > > > > > > Beat me to it... > > > > > > > > > > -----Original Message----- > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > > bounce@xxxxxxxxxxxxx] > > > > > On Behalf Of Thomas W Shinder > > > > > Sent: Thursday, September 06, 2007 6:57 PM > > > > > To: ISA Mailing List > > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > > > http://www.ISAserver.org > > > > > ------------------------------------------------------- > > > > > > > > > > I was wondering what the ASA bug box was doing there > too. Adding > > a > > > > > level > > > > > of complexity to help increase the risk of misconfiguration? > > > > > > > > > > Thomas W Shinder, M.D. > > > > > Site: www.isaserver.org > > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > > Book: http://tinyurl.com/3xqb7 > > > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim > Harrison > > > > > > Sent: Thursday, September 06, 2007 3:40 PM > > > > > > To: isalist@xxxxxxxxxxxxx > > > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > > > > > http://www.ISAserver.org > > > > > > ------------------------------------------------------- > > > > > > > > > > > > Make it easy for yourself. > > > > > > Lose the Cisco or sell it to some unsuspecting victim. > > > > > > Add another NIC to ISA and create a third-leg DMZ. > > > > > > This way, only ISA has access to the traffic between these > > > > networks. > > > > > > > > > > > > -----Original Message----- > > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Robert Wolff > > > > > > Sent: Thursday, September 06, 2007 1:27 PM > > > > > > To: isalist@xxxxxxxxxxxxx > > > > > > Subject: [isalist] ASA 5500 in front of ISA 2006 > > > > > > > > > > > > All, > > > > > > > > > > > > > > > > > > > > > > > > Does anyone know any tricks or have any experience with > > > > > > configuration in > > > > > > the following scenario: > > > > > > > > > > > > > > > > > > > > > > > > Inet Router => Cisco ASA firewall => DMZ => ISA > 2006 Firewall > > > > > > =>Internal > > > > > > network > > > > > > > > > > > > > > > > > > > > > > > > The current network layout is just a single ISA > 2006 firewall. > > > I'm > > > > > > looking to create a new DMZ segment between the ISA and ASA > for > > > > > future > > > > > > web, DNS, and email servers. > > > > > > > > > > > > > > > > > > > > > > > > Inet Router => ISA 2006 Firewall => Internal Network > > > > > > > > > > > > > > > > > > > > > > > > One of the last problems I have is getting OWA to work. > > > I can get > > > > > the > > > > > > initial login screen to appear, but after logon I get > > > page cannot > > > > be > > > > > > displayed after several seconds of waiting. > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > -Bob- > > > > > > > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx