RE: ISA Design Question: Best Practice

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 28 May 2003 09:55:51 -0500

Hi David,
 
I actually have an article "in the can" on this subject. There are a lot
of ways of doing this, but the technique mentioned by Shawn is best --
if you have public addresses available, just give them a public address
and put the WAP in front of the ISA Server.
 
Another approach could be to create a LAT-based DMZ. This is especially
good if hosts don't need to access the internal network. The LAT-based
DMZ hosts can be exposed to the firewall policy while not being able to
access resources on the internal network. If the WAP segment host does
need access to the internal network for some reason, you can create a
VPN connection and directly access resources on the internal network.
 
HTH,
Tom
 
 
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: David V. Dellanno [mailto:ddellanno@xxxxxxxxxx] 
        Sent: Wednesday, May 28, 2003 7:30 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA Design Question: Best Practice
        
        
        http://www.ISAserver.org
        
        
        You're right Shawn, I could use a segregated vlan (or a simple
        NAT?) and use one of the extra public IP's and then layout the
        CAT where it would be needed.  The virus protection, I agree,
        would be their problem.  The answer is adequate for a small
        business, but is it the same process for medium to large scale
        environments?

                -----Original Message-----
                From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
                Sent: Wednesday, May 28, 2003 8:12 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: ISA Design Question: Best Practice
                
                
                If you have extra public IP's, create a segregated vlan
                that is part of the subnet on the outside of your
                firewall.  'Course they'd have to provide their own
                virus protection, but that's not really your problem
                since they wouldn't be on your network.  From your point
                of view it'd be no different than if they were at their
                office, unless you allow all kinds of incoming traffic
                for that subnet.
                 
                -Shawn

                ----- 
                Shawn R. Quillman 
                Robert Bosch Corporation RBNA/CIT1.1 
                38000 Hills Tech Drive 
                Farmington Hills, MI  48331 
                (248) 553-1164 (P)     (248) 848-2855 (F) 
                shawn.quillman@xxxxxxxxxxxx 

                         
