[isalist] Re: ASA 5500 in front of ISA 2006

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Sep 2007 10:29:38 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
The response you get is based on having to deal with the "hardware is
more secure", "DMZ is more secure" and "more layers is more secure"
mentality that is espoused without regard to traffic profiles or any
"real" security need or threat mitigation (such as you yourself
described).

The point of adding a CisPixJuniBluSquid device simply on the basis of
"that adds security" is false on the face of it.  All devices or
software solutions are equally prone to deployment and management fubars
as the rest.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Ray Dzek
Sent: Friday, September 07, 2007 9:59 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ASA 5500 in front of ISA 2006

  
When I see posts like this, it just proves that you all have degenerated
to the same level as the "ISA sucks" crowd.  I would think that you all
would be tired of typing the same response whenever anybody asks about
configuring ISA in a multi-firewall environment.  Maybe you all have
just created a mail rule that auto generates the "How dare you integrate
any other firewall with ISA.  Nothing else is worthy.  Get rid of the
other firewall, it sucks."

Everybody has the hardware and environment they have to deal with.  It
is what it is.  I have to deal with ISA, ASA, and Sonicwall.  I like
features and performance aspects of each.  There are also plenty of
things I can't stand about each.

When I started with this list we had MS Proxy Server.  It was a
different attitude.  You all have become grumpy, jaded, and yet more
immature than ever in your old age.  Congratulations...  You are now
just like any other hardware firewall e-mail list.




> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Steve Moffat
> Sent: Thursday, September 06, 2007 4:14 PM
> To: ISA Mailing List
> Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> 
> 
> Beat me to it...
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Thursday, September 06, 2007 6:57 PM
> To: ISA Mailing List
> Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> 
> 
> I was wondering what the ASA bug box was doing there too. Adding a level
> of complexity to help increase the risk of misconfiguration?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
> 
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Thursday, September 06, 2007 3:40 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: ASA 5500 in front of ISA 2006
> >
> >
> > Make it easy for yourself.
> > Lose the Cisco or sell it to some unsuspecting victim.
> > Add another NIC to ISA and create a third-leg DMZ.
> > This way, only ISA has access to the traffic between these networks.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Robert Wolff
> > Sent: Thursday, September 06, 2007 1:27 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] ASA 5500 in front of ISA 2006
> >
> > All,
> >
> >
> >
> > Does anyone know any tricks or have any experience with configuration
> > in the following scenario:
> >
> >
> >
> > Inet Router => Cisco ASA firewall => DMZ => ISA 2006 Firewall => Internal network
> >
> >
> >
> > The current network layout is just a single ISA 2006 firewall.  I'm
> > looking to create a new DMZ segment between the ISA and ASA for future
> > web, DNS, and email servers.
> >
> >
> >
> > Inet Router => ISA 2006 Firewall => Internal Network
> >
> >
> >
> > One of the last problems I have is getting OWA to work.  I can get the
> > initial login screen to appear, but after logon I get page cannot be
> > displayed after several seconds of waiting.
> >
> >
> >
> > Thanks,
> >
> > -Bob-
> >
> >
> > All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

