RE: ISA in DMZ with authentication by Domain (with DC in internal network)

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 23 May 2003 09:40:28 -0500

Hi Christian,
 
Regardless of your definition of a perimeter network, you CAN NOT have members 
of the internal network on an external network. External meaning non-LAT. That 
was the setup I assumed, that he wanted to put domain member machines on a 
non-LAT segment.
 
HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
        Sent: Friday, May 23, 2003 3:03 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA in DMZ with authentication by Domain (with DC in internal network)
        
        
        http://www.ISAserver.org
        
        
        Hi Tom,
         
        In my opinion this depends on your definition of a perimeter network.
         
        If you mean a perimeter network realized with three NICs on ISA, you may
        be right. But if you have a "normal" ISA installation which is maybe
        surrounded by another firewall (e.g. a packet filter), then you are wrong.
        I thought from Etienne's post that he is in the latter situation and
        therefore needs to know exactly which ports have to be opened in the
        packet filter to log on to a W2K domain. This is described in the link to
        the KB article I sent yesterday.
         
        Greets
        Christian

                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
                Sent: Friday, 23 May 2003 08:37
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: ISA in DMZ with authentication by Domain (with DC in internal network)
                
                
                
                
                Hi Christian,
                 
                I think you sent the wrong link. You meant to send this one:
                 
                http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329807
                 
                HTH,
                Tom

                Thomas W Shinder 
                www.isaserver.org/shinder 
                ISA Server and Beyond: http://tinyurl.com/1jq1 
                Configuring ISA Server: http://tinyurl.com/1llp 

                        -----Original Message-----
                        From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
                        Sent: Thursday, May 22, 2003 6:47 AM
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] RE: ISA in DMZ with authentication by Domain (with DC in internal network)
                        
                        
                        
                        
                        hi...
                         
                        
                        http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP&NoWebContent=1
                         
                        Greets
                        Christian
                         
                         

                                -----Original Message-----
                                From: Etienne Goetynck [mailto:Etienne.Goetynck@xxxxxxx]
                                Sent: Thursday, 22 May 2003 13:20
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] ISA in DMZ with authentication by Domain (with DC in internal network)
                                
                                
                                
                                

                                Hi everybody,

                                I have an ISA Server (on W2K srv SP3, stand-alone
                                server) in the DMZ (not as FW, just Web Publishing).

                                I would like the ISA Server to be able to
                                authenticate users of my domain, but the DCs
                                (W2K SRV SP3) are in the internal network.

                                Is it possible? If yes, I suppose that I must
                                open some protocols on the firewall... but which
                                ones?

                                Any help or ideas for me?

                                Thank you in advance.

                                Etienne
