RE: External Network Logic

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 8 Dec 2005 10:29:37 -0500

I was an elected official once. People enjoy beating up on you. They
live for it in fact. No matter who is in office, they still attend the
meetings and stir up trouble. Of course they won't volunteer, run for
office or otherwise do anything constructive. I'm frequently encouraged
to run for office again, but seeing as the power means nothing to me
(it's imaginary anyway), there's no reason to put up with the hassle. 

A people get the government they deserve. I think I've heard that
someplace.

Amy
 
Harbor Computer Services
Small Business Computer Specialists
 

Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, December 08, 2005 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: External Network Logic

http://www.ISAserver.org

Rank has nothing to do with you. Once you're elected, you're a ruler.
Try it, you'll see.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, December 08, 2005 8:52 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: External Network Logic
> 
> So IT staff are equal to higher ranking members of the civil service
> then?
> 
> Amy
>  
> Harbor Computer Services
> Small Business Computer Specialists
>  
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>  
> 
>  
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Thursday, December 08, 2005 9:35 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: External Network Logic
> 
> Hi Amy,
> 
> Yes, like our public servants. You know, the ones we pay confiscatory
> income taxes to based on their representative good judgement.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> > Sent: Thursday, December 08, 2005 8:17 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> > 
> > But servers have no purpose other than to serve clients. In servitude
> > they must remain regardless of how "clean" you think you've made them.
> > 
> > Amy
> >  
> > Harbor Computer Services
> > Small Business Computer Specialists
> >  
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >  
> > 
> >  
> > 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> > Sent: Wednesday, December 07, 2005 8:52 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> > 
> > Man- what one typo can mess up...
> > 
> > I meant:
> > I am NOT talking about the back-to-back DMZ with an Exchange FE
> > Perimeter.
> > 
> > I AM talking about a new machine that goes between the client machines
> > and the servers.  That's all it does-- separates the filthy, nasty,
> > cesspool of festering client scum from my beautiful, clean, and
> > perfectly configured servers.
> > 
> > t
> > 
> > ----- Original Message ----- 
> > From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, December 07, 2005 5:07 PM
> > Subject: [isalist] RE: External Network Logic
> > 
> > 
> > How many hops does that make to the Internet for the Internal network
> > PC's?
> > 
> > Amy
> > 
> > Harbor Computer Services
> > Small Business Computer Specialists
> > 
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> > 
> > 
> > 
> > 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 07, 2005 8:06 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: External Network Logic
> > 
> > OK- just so we're on the same page-- I'm not talking about my
> > back-to-back DMZ config that does indeed have a DMZ Perimeter network
> > on the BE ISA for my FE Exchange server.  That's done.
> > 
> > I'm not talking about a NEW box going into my internal network to
> > physically separate client systems from server systems.  That's the one
> > I was talking about having 2 nics with no "External" resources.
> > t
> > 
> > 
> > 
> > ----- Original Message ----- 
> > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, December 07, 2005 4:41 PM
> > Subject: [isalist] RE: External Network Logic
> > 
> > 
> > > This isn't a back-to-back config.  This is a single server going in
> > > between my clients and my servers... There won't be a way to "NAT to
> > > the Internet" in that config as the only defined rule will be a route
> > > relationship from the Perimeter to the Internal.
> > >
> > > I understand the concept that "Internet" is the default gateway, but
> > > in this case, there can't be a "Nat" relationship anywhere.
> > > t
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, December 07, 2005 4:25 PM
> > > Subject: [isalist] RE: External Network Logic
> > >
> > >
> > > No, the Internet is always there, unless you're talking about a
> > > caponized ISA firewall (single NIC).
> > >
> > > The Internet is reached via the NIC with the default gateway defined
> > > on it, which in a back to back config would be the internal interface
> > > of the FE ISA firewall.
> > >
> > > There is one point of confusion induced by the UI -- and that's the
> > > ability to create an "external Network".  There is no difference from
> > > the firewall's point of view between a perimeter Network and an
> > > external Network. So, you can create another external Network if you
> > > like, but it's *exactly the same* as a perimeter network from ISA's
> > > multinetworking point of view. The default External Network is always
> > > there (except for the unihomed ISA firewall).
> > >
> > > For example, if a client on the default Internal Network connects to
> > > a host on the perimeter network between the ISA firewalls, the
> > > connections are routed and the source IP address is not replaced. If
> > > a host on the default internal Network connects to an IP address that
> > > is part of the default External Network (which is the Internet) the
> > > connection will be NATed.
> > >
> > > The ISA firewall's ability to enable control over your route
> > > relationships really does give you a lot of flexibility.
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > >> -----Original Message-----
> > >> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > >> Sent: Wednesday, December 07, 2005 5:39 PM
> > >> To: [ISAserver.org Discussion List]
> > >> Subject: [isalist] RE: External Network Logic
> > >>
> > >> One thing though, just so I understand-- How would I NAT to the
> > >> Internet?  There *is no* "Internet" per se in a 2 NIC config with
> > >> both defined as ISA Firewall Networks, right?  There would be route
> > >> relationship from the Internal to the DMZ Perimeter.  The Internet
> > >> would only exist if an Interface was added and not defined
> > >> elsewhere, correct?
> > >> t
> > >>
> > >> ----- Original Message ----- 
> > >> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > >> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > >> Sent: Wednesday, December 07, 2005 3:01 PM
> > >> Subject: [isalist] RE: External Network Logic
> > >>
> > >>
> > >> The default External Network is defined as all addresses that defined
> > >> by any other ISA firewall Network. So, there is still an external
> > >> network, you just don't have any access to it, since you've created
> > >> ISA firewall Networks for both the NIC (one for the default Internal
> > >> Network and one for the ISA firewall Network representing the
> > >> perimeter network NIC).
> > >>
> > >> You can use this in a number of scenarios, like turning the DMZ
> > >> between the BE and FE ISA firewall into an ISA firewall Network and
> > >> creating a route Network Rule between that and the default Internal
> > >> Network, but still NAT'ing to the Internet. Pretty slick, eh?
> > >>
> > >> Thomas W Shinder, M.D.
> > >> Site: www.isaserver.org
> > >> Blog: http://spaces.msn.com/members/drisa/
> > >> Book: http://tinyurl.com/3xqb7
> > >> MVP -- ISA Firewalls
> > >> **Who is John Galt?**
> > >>
> > >>
> > >>
> > >> > -----Original Message-----
> > >> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > >> > Sent: Wednesday, December 07, 2005 4:57 PM
> > >> > To: [ISAserver.org Discussion List]
> > >> > Subject: [isalist] External Network Logic
> > >> >
> > >> > So, you've got ISA with 2 NIC's.  You define the Internal range on
> > >> > one NIC, leaving the other NIC as "External."  You then add a
> > >> > perimeter network, and give it the IP range of what used to be the
> > >> > "External" NIC.  What happens to the concept of the External
> > >> > network since you now have a trusted Internal network and a less
> > >> > trusted "Perimeter" network, but no real "External" network
> > >> > anymore.  Will it just be an "empty" network set sitting there all
> > >> > alone in the cold, cold ground?
> > >> >
> > >> > t
> > >> >
> > >> >
> > >> > ------------------------------------------------------
> > >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > >> > ------------------------------------------------------
> > >> > Visit TechGenix.com for more information about our other sites:
> > >> > http://www.techgenix.com
> > >> > ------------------------------------------------------
> > >> > You are currently subscribed to this ISAserver.org Discussion
> > >> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > >> > To unsubscribe visit
> > >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >> > Report abuse to listadmin@xxxxxxxxxxxxx
> > >> >
> > >> >
> > >>



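Added example (not part of the original thread, and not ISA Server's API): a small Python model of the behaviour discussed in the quoted messages, where the default External Network is every address that no defined network claims, and a route or NAT network rule decides whether the source address is preserved. The network names, address ranges, firewall addresses and the class and method names are all constructed for illustration.

```python
import ipaddress

EXTERNAL = "External"  # default network: whatever no defined network claims


class Firewall:
    """Toy model of the multinetworking logic in the thread (assumed names)."""

    def __init__(self, networks, rules, nic_addrs):
        # networks: name -> CIDR ranges the admin assigned to that network
        self.networks = {name: [ipaddress.ip_network(c) for c in cidrs]
                         for name, cidrs in networks.items()}
        # rules: (source network, destination network) -> "route" or "nat",
        # applied in the direction written (a simplification of this model)
        self.rules = rules
        # nic_addrs: network name -> firewall's own address facing it
        self.nic_addrs = nic_addrs

    def classify(self, ip):
        """Return the defined network holding ip, else the default External."""
        addr = ipaddress.ip_address(ip)
        for name, nets in self.networks.items():
            if any(addr in net for net in nets):
                return name
        return EXTERNAL

    def relationship(self, src, dst):
        """Network rule between the two hosts' networks, or None."""
        return self.rules.get((self.classify(src), self.classify(dst)))

    def source_seen_by(self, src, dst):
        """Source address the destination sees; None when no rule exists."""
        rel = self.relationship(src, dst)
        if rel == "route":
            return src                               # source IP not replaced
        if rel == "nat":
            return self.nic_addrs[self.classify(dst)]  # firewall's address
        return None                                  # no relationship at all


# Constructed back-end firewall: the DMZ between FE and BE is a defined
# Perimeter network (routed), everything else is External (NATed).
BACK_END = Firewall(
    networks={"Internal": ["10.0.0.0/24"], "Perimeter": ["192.168.1.0/24"]},
    rules={("Internal", "Perimeter"): "route", ("Internal", EXTERNAL): "nat"},
    nic_addrs={"Internal": "10.0.0.1", "Perimeter": "192.168.1.2",
               EXTERNAL: "192.168.1.2"},
)

# Constructed two-NIC separator between clients and servers: both NICs are
# defined networks and the only rule is Perimeter -> Internal route.
SEPARATOR = Firewall(
    networks={"Internal": ["10.0.0.0/24"], "Perimeter": ["10.0.1.0/24"]},
    rules={("Perimeter", "Internal"): "route"},
    nic_addrs={"Internal": "10.0.0.1", "Perimeter": "10.0.1.1"},
)
```

In the separator case an Internet address still classifies as External, but with no network rule pointing at it there is nothing to NAT to, which is the situation the original question describes.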