Rank has nothing to do with you. Once you're elected, you're a ruler.
Try it, you'll see.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, December 08, 2005 8:52 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: External Network Logic
>
> http://www.ISAserver.org
>
> So IT staff are equal to higher ranking members of the civil service
> then?
>
> Amy
>
> Harbor Computer Services
> Small Business Computer Specialists
>
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, December 08, 2005 9:35 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: External Network Logic
>
> http://www.ISAserver.org
>
> Hi Amy,
>
> Yes, like our public servants. You know, the ones we pay confiscatory
> income taxes to based on their representative good judgement.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Thursday, December 08, 2005 8:17 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> >
> > http://www.ISAserver.org
> >
> > But servers have no purpose other than to serve clients. In servitude
> > they must remain regardless of how "clean" you think you've made them.
> >
> > Amy
> >
> > Harbor Computer Services
> > Small Business Computer Specialists
> >
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 07, 2005 8:52 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> >
> > http://www.ISAserver.org
> >
> > Man- what one typo can mess up...
> >
> > I meant:
> > I am NOT talking about the back-to-back DMZ with an Exchange FE
> > Perimeter.
> >
> > I AM talking about a new machine that goes between the clients machines
> > and the servers. That's all it does-- separates the filthy, nasty,
> > cesspool of festering client scum from my beautiful, clean, and
> > perfectly configured servers.
> >
> > t
> >
> > ----- Original Message -----
> > From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, December 07, 2005 5:07 PM
> > Subject: [isalist] RE: External Network Logic
> >
> > http://www.ISAserver.org
> >
> > How many hops does that make to the Internet for the Internal network
> > PC's?
> >
> > Amy
> >
> > Harbor Computer Services
> > Small Business Computer Specialists
> >
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 07, 2005 8:06 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> >
> > http://www.ISAserver.org
> >
> > OK- just so we're on the same page-- I'm not talking about my
> > back-to-back DMZ config that does indeed have a DMZ Perimeter network
> > on the BE ISA for my FE Exchange server. That's done.
> >
> > I'm not talking about a NEW box going into my internal network to
> > physically separate client systems from server systems. That's the one
> > I was talking about having 2 nics with no "External" resources.
> > t
> >
> > ----- Original Message -----
> > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, December 07, 2005 4:41 PM
> > Subject: [isalist] RE: External Network Logic
> >
> > > http://www.ISAserver.org
> > >
> > > This isn't a back-to-back config. This is a single server going in
> > > between my clients and my servers... There won't be a way to "NAT to
> > > the Internet" in that config as the only defined rule will be a route
> > > relationship from the Perimeter to the Internal.
> > >
> > > I understand the concept that "Internet" is the default gateway,
> > > but in this case, there can't be a "Nat" relationship anywhere.
> > > t
> > >
> > > ----- Original Message -----
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, December 07, 2005 4:25 PM
> > > Subject: [isalist] RE: External Network Logic
> > >
> > > http://www.ISAserver.org
> > >
> > > No, the Internet is always there, unless you're talking about a
> > > caponized ISA firewall (single NIC).
> > >
> > > The Internet is reached via the NIC with the default gateway defined
> > > on it, which in a back to back config would be the internal interface
> > > of the FE ISA firewall.
> > >
> > > There is one point of confusion induced by the UI -- and that's the
> > > ability to create an "external Network". There is no difference from
> > > the firewall's point of view between a perimeter Network and an
> > > external Network. So, you can create another external Network if you
> > > like, but it's *exactly the same* as a perimeter network from ISA's
> > > multinetworking point of view. The default External Network is always
> > > there (except for the unihomed ISA firewall).
> > >
> > > For example, if a client on the default Internal Network connects to a
> > > host on the perimeter network between the ISA firewalls, the
> > > connections are routed and the source IP address is not replaced. If a
> > > host on the default internal Network connects to an IP address that is
> > > part of the default External Network (which is the Internet) the
> > > connection will be NATed.
> > >
> > > The ISA firewall's ability to enable control over your route
> > > relationships really does give you a lot of flexibility.
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >> -----Original Message-----
> > >> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > >> Sent: Wednesday, December 07, 2005 5:39 PM
> > >> To: [ISAserver.org Discussion List]
> > >> Subject: [isalist] RE: External Network Logic
> > >>
> > >> http://www.ISAserver.org
> > >>
> > >> One thing though, just so I understand-- How would I NAT to the
> > >> Internet? There *is no* "Internet" per se in a 2 NIC config with both
> > >> defined as ISA Firewall Networks, right? There would be route
> > >> relationship from the Internal to the DMZ Perimeter. The Internet
> > >> would only exist if an Interface was added and not defined elsewhere,
> > >> correct?
> > >> t
> > >>
> > >> ----- Original Message -----
> > >> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > >> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > >> Sent: Wednesday, December 07, 2005 3:01 PM
> > >> Subject: [isalist] RE: External Network Logic
> > >>
> > >> http://www.ISAserver.org
> > >>
> > >> The default External Network is defined as all addresses that defined
> > >> by any other ISA firewall Network. So, there is still an external
> > >> network, you just don't have any access to it, since you've created
> > >> ISA firewall Networks for both the NIC (one for the default Internal
> > >> Network and one for the ISA firewall Network representing the
> > >> perimeter network NIC).
> > >>
> > >> You can use this in a number of scenarios, like turning the DMZ
> > >> between the BE and FE ISA firewall into an ISA firewall Network and
> > >> creating a route Network Rule between that and the default Internal
> > >> Network, but still NAT'ing to the Internet. Pretty slick, eh?
> > >>
> > >> Thomas W Shinder, M.D.
> > >> Site: www.isaserver.org
> > >> Blog: http://spaces.msn.com/members/drisa/
> > >> Book: http://tinyurl.com/3xqb7
> > >> MVP -- ISA Firewalls
> > >> **Who is John Galt?**
> > >>
> > >> > -----Original Message-----
> > >> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > >> > Sent: Wednesday, December 07, 2005 4:57 PM
> > >> > To: [ISAserver.org Discussion List]
> > >> > Subject: [isalist] External Network Logic
> > >> >
> > >> > http://www.ISAserver.org
> > >> >
> > >> > So, you've got ISA with 2 NIC's. You define the Internal range on
> > >> > one NIC, leaving the other NIC as "External." You then add a
> > >> > perimeter network, and give it the IP range of what used to be the
> > >> > "External" NIC. What happens to the concept of the External network
> > >> > since you now have a trusted Internal network and a less trusted
> > >> > "Perimeter" network, but no real "External" network anymore. Will it
> > >> > just be an "empty" network set sitting there all alone in the cold,
> > >> > cold ground?
> > >> >
> > >> > t
> > >> >
> > >> > ------------------------------------------------------
> > >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > >> > ------------------------------------------------------
> > >> > Visit TechGenix.com for more information about our other sites:
> > >> > http://www.techgenix.com
> > >> > ------------------------------------------------------
> > >> > You are currently subscribed to this ISAserver.org Discussion
> > >> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > >> > To unsubscribe visit
> > >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >> > Report abuse to listadmin@xxxxxxxxxxxxx
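
Added example, not part of the original thread: a small Python model of the Network Rule logic discussed above, where any address not claimed by a defined network falls into the default External Network, route relationships preserve the source IP, NAT relationships replace it, and a pair of networks with no rule has no path. The address ranges, firewall address and both rule sets are constructed for illustration, and the model covers Network Rules only, not the Access Rules that must also allow the traffic.

```python
import ipaddress

# Constructed address plan (assumption, not from the thread).
NETWORKS = {
    "Internal": ["10.0.0.0/24"],
    "Perimeter": ["192.168.1.0/24"],
}
# Constructed firewall address on the NIC that holds the default gateway;
# NATed connections leave with this source address.
FIREWALL_EGRESS_IP = "192.168.1.1"

# Network Rules as (source, destination, relationship).
# Back-to-back case: route to the perimeter, NAT to the Internet.
BACK_TO_BACK_RULES = [
    ("Internal", "Perimeter", "route"),
    ("Internal", "External", "nat"),
]
# Client/server separation case: a single route rule and nothing else.
SEPARATION_RULES = [("Perimeter", "Internal", "route")]


def network_of(ip):
    """Name the network owning ip; any address no network claims is External."""
    addr = ipaddress.ip_address(ip)
    for name, ranges in NETWORKS.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return name
    return "External"


def relationship(src_net, dst_net, rules):
    """Route rules apply in both directions, NAT rules only source to destination."""
    for a, b, rel in rules:
        if (a, b) == (src_net, dst_net):
            return rel
        if rel == "route" and (b, a) == (src_net, dst_net):
            return rel
    return None


def evaluate(src_ip, dst_ip, rules):
    """Return (src network, dst network, outcome, source IP the destination sees)."""
    src_net, dst_net = network_of(src_ip), network_of(dst_ip)
    if src_net == dst_net:
        return (src_net, dst_net, "direct", src_ip)  # never crosses the firewall
    rel = relationship(src_net, dst_net, rules)
    if rel is None:
        return (src_net, dst_net, "dropped", None)  # no Network Rule, no path
    seen = src_ip if rel == "route" else FIREWALL_EGRESS_IP
    return (src_net, dst_net, rel, seen)


if __name__ == "__main__":
    for rules in (BACK_TO_BACK_RULES, SEPARATION_RULES):
        for dst in ("192.168.1.10", "203.0.113.7"):
            print(evaluate("10.0.0.25", dst, rules))
```

With the single route rule of the separation case, the External Network still exists as a classification, but connections to it are dropped because no Network Rule connects it to anything.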