RE: Inter Domain Communications

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 16 Nov 2004 22:47:43 -0600

Hi Joseph,

Good stuff! I'm a bit confused about why you couldn't NAT between the
DMZ between the front-end and the back-end, because it shouldn't be a
problem to publish the DNS server back there. You publish it first on
the front-end ISA firewall and then publish it again on the back-end.
What kind of errors where you seeing?

Thanks! 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx] 
Sent: Tuesday, November 16, 2004 4:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Inter Domain Communications

http://www.ISAserver.org

Hi Thomas, 

666 has been plaguing my network already!  So, I decided to rebuild
every machine.
Plus, I have 2 lines now.  1 DSL and 1 cable.  I've kept them separate
so that I
Could test out vpn and other setups.

With my DSL qwest sent me a new actiontec modem 740wg. There was some
very strange setup
Stuff that I had to figure out to get this talking with ISA 2004.  I
also bought a block
Of 8 ip addresses.  Would you like me to document steps that I had to do
with getting this working with a new
Modem type?   

I'm also amazed that I have my own primary dns server running in the DMZ
zone behind the back end ISA.
NAT would not work. I found this out when you do nslookup on my stuff.
So, I had to ROUTE from front end ISA to
Back end ISA.  I'm going to list all my rules. Very basic but solid at
this point so, we can start getting
Some best practice stuff done for back to back with isa 2004 firewalls.

I'm getting ready to put up my perimeter zone with authenticated
exchange and site server stuff. I'm looking forward to that!

Being offline for 2 weeks was the pits. Good thing I still had
connections to at least surf the web looking for ideas.

Thank you,

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, November 16, 2004 2:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Inter Domain Communications


http://www.ISAserver.org

Hi Joseph,

If its just the port number, it doesn't matter. You can use 666 if you
want :) 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls


-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx] 
Sent: Tuesday, November 16, 2004 4:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Inter Domain Communications

http://www.ISAserver.org

Hi All,

I think that I'm finally getting a handle on my network!

But, I do have a couple of questions that I hope can get answered on
this list. From the following articles which is the best practices
method of using the ADLong/DirRep? I'm just wondering why the difference
in setup. Thank you, Joseph

http://www.isaserver.org/articles/2004perimeterdomain.html

 

*ADLogon/DirRep:
Primary Connection: 50000 TCP Outbound (requires RPC key set on the
back-end Exchange Server)

 

Perform the following steps on each of the domain controllers in your
domain to change the RPC replication port to 50000:

1.       Click Start and click Run. In the Open text box enter Regedit
and click OK. 

2.       Go to the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\

3.       Click the Edit menu and point to New. Click DWORD Value. 

4.       Rename the entry from New Value #1 to TCP/IP Port, then double
click the entry. 

5.       In the Edit DWORD Value dialog box, select the Decimal option.
Enter 50000 in the Value data text box. Click OK. 

6.       Restart the domain controller.

 

 

http://www.isaserver.org/articles/2004dmzfebe.html

 

ADLogon/DirRep:
Primary Connection: 1600 TCP Outbound (requires RPC key set on the
back-end Exchange Server)

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Inter Domain Communications
• » RE: Inter Domain Communications
• » RE: Inter Domain Communications
• » RE: Inter Domain Communications

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---