Hi Jerry, Yes, it'll do that with a single NIC. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Monday, January 16, 2006 4:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Network Elements and System Network Interfaces http://www.ISAserver.org Bummer. In any case, I'm going to get a second NIC brought up on that box and have it configured correctly. The only thing we're using it for is to provide HTTPS connectivity to an OWA box in our trusted network. So you're saying that even on a uni-homed box, ISA will still decrypt an HTTPS connection, inspect the HTTP traffic, encrypt it again, and send it back to the OWA box just fine? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Monday, January 16, 2006 4:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Network Elements and System Network Interfaces http://www.ISAserver.org Hi Jerry, While I like your nefarious purposes, you still get HTTP inspection for incoming SSL connections. No config support outbound SSL bridging :( Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Monday, January 16, 2006 3:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Network Elements and System Network Interfaces http://www.ISAserver.org Feel free to call me Jerry. *8^) I always look over my shoulder for my pops when people call me Mr. Young or Gerald. *8^) Like I said, I'm cleaning up other peoples' messes. I was told that the uni-homed config was used because they couldn't get the multi-homed config working (smacks of not understanding routing to me but...). I've always been a proponent for moving to a multi-homed config but didn't have the proper ammunition until I started poking around because they were experiencing problems they couldn't fix. I just reviewed Chapter 4 in the ISA 2K4 book. If I read that correctly, because we're using a uni-homed template, we're not receiving ANY of the HTTPS stateful filtering ISA is capable of on the HTTPS connections? Is that correct or am I interpreting the text to meet my own nefarious purposes for switching the box to a multi-homed config? *8^) Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx