Hey guys, It is possible and just about everything works (still some questions about the IMer). Obviously, it's a poor security practice, but it can be done, as I've done it :-) HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Mark T. Barringer [mailto:Mark@xxxxxxxxxxxxx] Sent: Monday, May 20, 2002 9:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Active Directory, Exchange 2000 and ISA on the same server. http://www.ISAserver.org The best reason is to show that a firewall cannot be secure if the firewall server itself contains sensitive data. Basically, the firewall server should be a member server without any other responsibility beyond ISA. If it has other duties, additional configuration is required to ensure ISA is truly "protecting" data on the firewall server itself, as well as data behind it. These additional configurations may impair your ability to configure ISA as you desire for other servers. The biggest "real" reason I can give you is that certain Exchange 2000 functions will require port 80 and the default website to be functional. Part of what you must do to get all of this to run on the same server would be to change the port used by the default (or any) website, so that ISA may listen on the default port 80. While Exchange's Outlook Web Access may be altered to use another port, Exchange's 2000 Instant Messaging cannot. Also, the Public Folder interface used in the Exchange System manager will require a port 80 connection to the \PUBLIC virtual directory to function correctly. You are far better off and have much more room to create if you use a web server located behind ISA, not on it. You are also greatly reducing the likelihood of a web based attack if there is no web server on the ISA server. Hope this helps. -Mark -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, May 20, 2002 10:03 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Active Directory, Exchange 2000 and ISA on the same server. http://www.ISAserver.org Unfortunately, you won't find such a thing. SBS2K is exactly that and more. Granted, it's not a "best practice", but neither is it non-functional. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Leonard Rawbone" <leonard.rawbone@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, May 20, 2002 2:02 AM Subject: [isalist] Active Directory, Exchange 2000 and ISA on the same server. http://www.ISAserver.org Hi, one of my clients has decided to load to above three services on one server and I need some whitepaper etc just to show him why it cant be done apart from the obvious reasons. Thanx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Mark@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')