RE: ISA in DMZ with authentication by Domain (with DC i n internal network)

• From: Christian.Schramm@xxxxxxxxxxxxxx
• To: isalist@xxxxxxxxxxxxx
• Date: Fri, 23 May 2003 10:03:24 +0200

Hi Tom,
 
In my opinion this depends on your definition of a perimeter network.
 
If you mean a perimeter network realized with three NICs on ISA you may be
right. But if you have a "normal" ISA installation which maybe is surrounded
by another firewall (e.g. paket filter) then you are wrong. I thought on
Etiennes post that he is in a latter situation and therefore needs to know
which ports exactly has to be opened in the packet filter to log on to a w2k
domain. This is described in the link to the KB article I sent yesterday.
 
Greets
Christian

-----Ursprüngliche Nachricht-----
Von: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Gesendet: Freitag, 23. Mai 2003 08:37
An: [ISAserver.org Discussion List]
Betreff: [isalist] RE: ISA in DMZ with authentication by Domain (with DC i n
internal network)


http://www.ISAserver.org


Hi Christian,
 
I think you sent the wrong link. You meant to send this one:
 
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329807
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329807> 
 
HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>  
Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp>  

-----Original Message-----
From: Christian.Schramm@xxxxxxxxxxxxxx
[mailto:Christian.Schramm@xxxxxxxxxxxxxx] 
Sent: Thursday, May 22, 2003 6:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA in DMZ with authentication by Domain (with DC i n
internal network)


http://www.ISAserver.org


hi...
 
http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP
<http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP&NoWebCont
ent=1> &NoWebContent=1
 
Greets
Christian
 
 

-----Ursprüngliche Nachricht-----
Von: Etienne Goetynck [mailto:Etienne.Goetynck@xxxxxxx] 
Gesendet: Donnerstag, 22. Mai 2003 13:20
An: [ISAserver.org Discussion List]
Betreff: [isalist] ISA in DMZ with authentication by Domain (with DC in
internal network)


http://www.ISAserver.org



Hi everybody,

 

I have a ISA Server (on W2K srv SP3, stand alone server) in DMZ (not as FW,
just Web Publishing).

 

I would like that ISA Server be able to authenticate users of my domain, but
DC's ( W2K SRV SP3 ) are in the internal network.

 

Is it possible ? If yes, I suppose that I must open some protocols on the
Firewall...but, which ones.

 

Some help or idea's for me ?

 

Thank you in advance.

 

Etienne

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
christian.schramm@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
christian.schramm@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)
• » RE: ISA in DMZ with authentication by Domain (with DC i n internal network)

1. Home
2. isalist
3. Archive
4. 05-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---