RE: ISA on a DC

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 21 Jun 2005 10:17:38 -0700

You should see what it looks like when it gets localized to Japanese...

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 7:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org


Microsoft should really invest some time into fixing that design flaw.

(grin) 


-----
Robert Bosch Corporation
Technical Systems Analyst (RBNA/CSA1)
Corporate Sales Reporting Systems
38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA
phone: 1 (248) 553-1164    fax: 1 (248) 848-6969
shawn.quillman@xxxxxxxxxxxx
http://www.bosch.us

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 10:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

You Betcha!
ISA + DC == <snicker><chortle><chuckle><GUFFAW>

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 6:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Cerebro,

Yes, you should have DCs at the branch offices, just not on the
firewall. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, June 21, 2005 8:23 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

OK,

But do you think it's better to add a domain controller on site 1 near
of Isa Server? I prefer to leave DC on Site 2 but I'm not sure if it's
necessary for this scenario move a DC to Site 1.

Thanks for your reply and help! 

-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Enviado el: martes, 21 de junio de 2005 14:00
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Cerebro,

EXACTLY! 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 6:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Tom,

Thanks a lot!!! For a moment, I believe amb I going insane!!!

Then, The ISA firewall on Site 1 can be a domain member working with
Domains Controllers on Site 2?


-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Enviado el: martes,
21 de junio de 2005 13:39
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Cerebro,

You caught a typo in my message. I meant to say that the ISA firewall on
the remote site network can be a *domain member*, NOT domain controller.

Sorry about that. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 6:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Hi Tom,

Why do you say it? Sorry, but I don't understand......

In another mail you say:

http://www.ISAserver.org

Where have you read this?

I wrote a 1100 page book telling you that was NOT true.

I have 100+ articles on ISAserver.org and other places telling you this
was not true.

Don't listen to Cisco reps :)

If you have a site to site VPN, the ISA firewall at the remote site can
be a domain controller. I do that often and it works a treat. Even have
information on how to do it in the ISA/Exchange kit.

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Mensaje original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Enviado el: martes,
21 de junio de 2005 12:00
Para: [ISAserver.org Discussion List]
Asunto: [isalist] RE: ISA on a DC

http://www.ISAserver.org

Do NOT make the ISA firewall part of your server consolidation plan --
don't put it on a DC. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cerebro [mailto:cerebro@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 3:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA on a DC

http://www.ISAserver.org

Hi IsaList,

I have the following config:

                                         ISP VPN INTERNET  <-----> SITE
1 (HOUSING) <----------------> SITE2

SITE 1:
        Domain Controller Windows 2003STD + Isa Server 2004 SP1

SITE 2: Internal LAN ( Other DC, Exchange, etc.... )

I need to publish Exchange 2003 services (OWA (Form-Based Auth), SMTP,
POP3, RPC-over-HTTP), and other web services (intranet, etc..).

There is any problem with the config? The Active directory can't
replicate.

In the firewall policy mode, I add the following protocols to an Rule
Action (Allow):

DNS
Kerberos-Adm (UDP)
Kerberos-Sec (TCP)
Kerberos-Sec (UDP)
LDAP
LDAP (UDP)
LDAP GC (Global Catalog)
NTP (UDP)
Ping
RPC Endpoint Mapper (TCP 135)
Direct Host (TCP 445)

I'm not sure I understand fully what it means and what we would need to
configure?
 
Thanks for your reply and help!


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cerebro@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC
• » RE: ISA on a DC

1. Home
2. isalist
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---