Re: ISA Server Best Practices-Joining an internal N T Domain

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 30 Jan 2002 17:25:04 -0800

1. The question of VPN authentication is more one of how you define that
process than whether or not ISA live in or trusts the authenticating domain.
You can use NTLM or RADUIS, as you choose.
2. The question of CITRIX access is one of long debate, but I've seen many
folks have success with that.
You won't get an "all open" inbound rule for any internal host.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Pete Afrasiabi" <PAfrasiabi@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 30, 2002 11:49
Subject: [isalist] Re: ISA Server Best Practices-Joining an internal N T
Domain


http://www.ISAserver.org



1- Will I lose any inherent ISA functionality by setting up this seperate AD
Domain and establishing trust trelationships, like pass through
authentication for VPN or otherwise.

2- Also on the ONE to ONE NAT issue, is it true that I can not perform a NAT
to an internal server like a citrix server. If I am using a Citrix NFUSE
server in my DMZ will the external client be able to redirect to my internal
server?

Thanks
Pete

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, January 29, 2002 5:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server Best Practices-Joining an internal NT
Domain


http://www.ISAserver.org


Given the choice and the resources, build a separate domain for ISA and
trust the internal domain.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Pete Afrasiabi" <PAfrasiabi@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 29, 2002 16:35
Subject: [isalist] ISA Server Best Practices-Joining an internal NT Domain


http://www.ISAserver.org


Trying to figure out whether it makes sense to add my ISA server to my
internal domain or just create a new domain and establish trust
relationships with my existing.
I understand that there may some risk exposing my internal AD to the outside
world, even though its presumably being protected by ISA.
Any feedbacks would be appreciated.
Pete


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pafrasiabi@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Re: ISA Server Best Practices-Joining an internal N T Domain
• » Re: ISA Server Best Practices-Joining an internal N T Domain
• » Re: ISA Server Best Practices-Joining an internal N T Domain

1. Home
2. isalist
3. Archive
4. 01-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---