http://www.ISAserver.org ------------------------------------------------------- The response you get is based on having to deal with the "hardware is more secure", "DMZ is more secure" and "more layers is more secure" mentality that is espoused without regard to traffic profiles or any "real" security need or threat mitigation (such as you yourself described). The point of adding a CisPixJuniBluSquid device simply on the basis of "that adds security" is false on the face of it. All devices or software solutions are equally prone to deployment and management fubars as the rest. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray Dzek Sent: Friday, September 07, 2007 9:59 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ASA 5500 in front of ISA 2006 http://www.ISAserver.org ------------------------------------------------------- When I see posts like this, it just proves that you all have degenerated to the same level as the "ISA sucks" crowd. I would think that you all would be tired of typing the same response whenever anybody asks about configuring ISA in a multi-firewall environment. Maybe you all have just created a mail rule that auto generates the "How dare you integrate any other firewall with ISA. Nothing else is worthy. Get rid of the other firewall, it sucks." Everybody has the hardware and environment they have to deal with. It is what it is. I have to deal with ISA, ASA, and Sonicwall. I like features and performance aspects of each. There are also plenty of things I can't stand about each. When I started with this list we had MS Proxy Server. It was a different attitude. You all have become grumpy, jaded, and yet more immature than ever in your old age. Congratulations... You are now just like any other hardware firewall e-mail list. > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > Sent: Thursday, September 06, 2007 4:14 PM > To: ISA Mailing List > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > Beat me to it... > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Thursday, September 06, 2007 6:57 PM > To: ISA Mailing List > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > I was wondering what the ASA bug box was doing there too. Adding a > level > of complexity to help increase the risk of misconfiguration? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Thursday, September 06, 2007 3:40 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Make it easy for yourself. > > Lose the Cisco or sell it to some unsuspecting victim. > > Add another NIC to ISA and create a third-leg DMZ. > > This way, only ISA has access to the traffic between these networks. > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Robert Wolff > > Sent: Thursday, September 06, 2007 1:27 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] ASA 5500 in front of ISA 2006 > > > > All, > > > > > > > > Does anyone know any tricks or have any experience with > > configuration in > > the following scenario: > > > > > > > > Inet Router => Cisco ASA firewall => DMZ => ISA 2006 Firewall > > =>Internal > > network > > > > > > > > The current network layout is just a single ISA 2006 firewall. I'm > > looking to create a new DMZ segment between the ISA and ASA for > future > > web, DNS, and email servers. > > > > > > > > Inet Router => ISA 2006 Firewall => Internal Network > > > > > > > > One of the last problems I have is getting OWA to work. I can get > the > > initial login screen to appear, but after logon I get page cannot be > > displayed after several seconds of waiting. > > > > > > > > Thanks, > > > > -Bob- > > > > > > All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx