Re: Arrays not part of domain + Surrogate Sockets

  • From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Sep 2001 12:17:36 -0500

Hi Jim,

I'd say the Trust across firewalls issue is a 100% miss situation. We've
tried to make this work for over a month, trying everything in the KB
and it just does not work. Problems with NAT, Kerberos tickets, RPCs,
you name it. VPN is the only way to go. We have an excellent article
coming out next week on how to do this, thanks to the excellent work of
Jay S.

Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT
 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, September 13, 2001 12:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Arrays not part of domain + Surrogate Sockets


http://www.ISAserver.org


Inline...

Jim Harrison
MCP(2K), A+, Network+, PCG


----- Original Message -----
From: "VEITCH,NICHOLA (HP-UnitedKingdom,ex1)" <nichola_veitch@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, September 13, 2001 10:05
Subject: [isalist] Re: Arrays not part of domain + Surrogate Sockets


http://www.ISAserver.org


Hi Jim,

To clarify...
I need to create a new domain for the ISA servers in the DMZ.

* Yes; but beware the "trust across firewalls" issue; there are some
KB's on
the subject, but it's a very hit-and-miss proposition.

For ISA to listen for incoming connections on the ISA Server for each
mapping
defined it needs to be installed in FW/integrated mode.

* That depends on the incoming connection type.  If it a web protocol,
then
no.  If it's for any other protocol, then yes.

Thanks for your help.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 13 September 2001 17:21
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Arrays not part of domain + Surrogate Sockets


http://www.ISAserver.org


Inline...

Jim Harrison
MCP(2K), A+, Network+, PCG


----- Original Message -----
From: <nichola_veitch@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, September 13, 2001 07:55
Subject: [isalist] Arrays not part of domain + Surrogate Sockets


http://www.ISAserver.org


Can anyone clarify whether an ISA server array can be set up that is not
part of the domain.  They are in the DMZ.  Do I need to set up a Domain
just for these ISA servers?

* ISA arrays absolutely depend on W2K AD structure.  You don't get them
any
other way.

ALSO...
Can ISA Server fulfill the following functionality of Surrogate Sockets:
Define static mappings through your ISA - either inbound or outbound.

* Yes; on a per-protocol basis.  RRAS is needed to hav "all allowed
inbound"

Limit by client IP address which clients can connect to each mapping.

* Absolutely

Can ISA listen for incoming connections on the ISA Server for each
mapping
defined?

* That's the basis of server publishing.

Many Thanks

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nichola_veitch@xxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: