RE: ISA Network Elements and System Network Interfaces

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jan 2006 16:09:19 -0600

Hi Jerry,
 
Yes, it'll do that with a single NIC.
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] 
        Sent: Monday, January 16, 2006 4:02 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA Network Elements and System Network
Interfaces
        
        
        http://www.ISAserver.org
        

        Bummer.

         

        In any case, I'm going to get a second NIC brought up on that
box and have it configured correctly.  The only thing we're using it for
is to provide HTTPS connectivity to an OWA box in our trusted network.
So you're saying that even on a uni-homed box, ISA will still decrypt an
HTTPS connection, inspect the HTTP traffic, encrypt it again, and send
it back to the OWA box just fine?

        Cordially yours, 
        Jerry G. Young II 
          MCSE (4.0/W2K) 
        Atlanta EES Implementation Team Lead 
        HHS Engineering 
        Unisys 
          
        11493 Sunset Hills Rd. 
        Reston, VA 20190 
        Office: 703-579-2727 
        Cell: 703-625-1468 

        THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY MATERIAL and is thus for use only by the intended recipient.
If you received this in error, please contact the sender and delete the
e-mail and its attachments from all computers.

        
________________________________


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Monday, January 16, 2006 4:35 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA Network Elements and System Network
Interfaces

         

        http://www.ISAserver.org

        Hi Jerry,

         

        While I like your nefarious purposes, you still get HTTP
inspection for incoming SSL connections. No config support outbound SSL
bridging :(

         

        Tom

         

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls
        **Who is John Galt?**

         

                 

                
________________________________


                From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] 
                Sent: Monday, January 16, 2006 3:29 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: ISA Network Elements and System
Network Interfaces

                http://www.ISAserver.org

                Feel free to call me Jerry. *8^)  I always look over my
shoulder for my pops when people call me Mr. Young or Gerald. *8^)

                 

                Like I said, I'm cleaning up other peoples' messes.  I
was told that the uni-homed config was used because they couldn't get
the multi-homed config working (smacks of not understanding routing to
me but...).  I've always been a proponent for moving to a multi-homed
config but didn't have the proper ammunition until I started poking
around because they were experiencing problems they couldn't fix.

                 

                I just reviewed Chapter 4 in the ISA 2K4 book.  If I
read that correctly, because we're using a uni-homed template, we're not
receiving ANY of the HTTPS stateful filtering ISA is capable of on the
HTTPS connections?  Is that correct or am I interpreting the text to
meet my own nefarious purposes for switching the box to a multi-homed
config?  *8^)

                Cordially yours, 
                Jerry G. Young II 
                  MCSE (4.0/W2K) 
                Atlanta EES Implementation Team Lead 
                HHS Engineering 
                Unisys 
                  
                11493 Sunset Hills Rd. 
                Reston, VA 20190 
                Office: 703-579-2727 
                Cell: 703-625-1468 

                THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR
OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended
recipient. If you received this in error, please contact the sender and
delete the e-mail and its attachments from all computers. 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2006