RE: Connection Issue
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 29 Aug 2003 07:53:53 -0700
Eric, my apologies for leading this post down a stray path. As a temporary
inhabitant of one of your fine facilities there in 1998 which ultimately
lead me to where I am now, I thank you.
The most common reason for having another firewall in front of ISA is a DMZ
scenario, where the zone between the 2 is the DMZ zone. Otherwise, ISA is
perfectly capable of protecting the LAN from whatever evil lurks.
I have a client in somewhat the same situation. The ISP provides the router,
the old Novell network guys put the PIX in, and now there is now one to do
the PIX. Plan is to yank the PIX, eBay it, and replace it with ISA. In the
current setup, the router is configured with 2 static public IPs and a
public IP pool to private IP pool. So when I tried to introduce a temporary
SonicWALL between the 2 so I could connect to the servers, the users on the
LAN were cut off because of the Many to Many NAT pool.
My recommendation, if no DMZ is needed, yank the PIX.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, August 29, 2003 7:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connection Issue
http://www.ISAserver.org
Wisecracks aside, what I'm getting at is that it seems that ISA is still
being governed by our PIX. Question still remains, how many use ISA behind
another firewall? ISA can handle itself without being behind one, so why
would it be needed, especially if you didn't have any control over that
firewall?
Eric Poole
IS Security Analyst
<http://communitymedical.org/> Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
-----Original Message-----
Other related posts:
