[isalist] Re: Looking for pitfalls

From: JB <bcminc@xxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Date: Wed, 10 Oct 2007 08:06:41 -0700

http://www.ISAserver.org
-------------------------------------------------------

So.... All would agree that having two domains behind ISA 2006creates enough complexity (for one who does not enjoy cross-trustrelationship between domains issues) for it to be impractical?


JB


On Oct 8, 2007, at 8:53 AM, Jim Harrison wrote:

http://www.ISAserver.org
-------------------------------------------------------

Actually, it's both.

Domain traffic across ISA is a great reason to increase yourillicit substance use.Have a peek at the RPC-oriented fixes in ISA; nearly all of themhave been driven by domain scenarios; some because of RPC protocolchanges in the OS.


-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)

Sent: Monday, October 08, 2007 8:33 AM
To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls

That's what I was going to say ;)

It's not "multiple domains behind ISA," it's the way you want trustto work within those "multiple domains behind ISA."

If you don't have some sort of cross-trust relationship between thedomains, only users within the domain that the ISA server is amember of can use rules that require user authentication (includingcertificates).


t

________________________________

From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Fri 10/5/2007 12:49 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls



http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------

the question of cross-ISA domain / forest traffic is gonna make youdrink (more).


-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder

Sent: Friday, October 05, 2007 11:50 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls

http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------

Ha! I'll brew a pot on your behalf and I already have the skittlesin my

desk drawer :)

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of JB
Sent: Friday, October 05, 2007 1:37 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls

http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------

Brilliant!!!

How do I send you a pot of coffee and bag of skittles? ;-)
On Oct 5, 2007, at 11:28 AM, Thomas W Shinder wrote:

http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------

Sounds like an excellent scenario for an article! I'll pound it out
this
weekend.

Thanks!

Tom

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
bounce@xxxxxxxxxxxxx]
On Behalf Of JB
Sent: Friday, October 05, 2007 12:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Looking for pitfalls

I would like to indulge the minds of ISA List on the pitfalls of
having
two separate networks/domains behind one ISA 2006 firewall.

The main question: How does authentication in ISA 2006 work with two
domains?

Any thoughts would be greatly appreciated - I should probablyrephrase

this ;-)

Scenario:
Both domains are Windows 2003.
Both domains have Exchange servers publishing OWA etc...
Both domains have users requiring RDP and VPN access All users except
admins are not allowed into opposing network


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/
articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/

ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/

ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/

ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.aspISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ISA Server Blogs: http://blogs.isaserver.org/------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com------------------------------------------------------To unsubscribe visit http://www.isaserver.org/pages/isalist.aspReport abuse to listadmin@xxxxxxxxxxxxx

Follow-Ups:
- [isalist] Re: Looking for pitfalls
  - From: Steve Moffat
- [isalist] Re: Looking for pitfalls
  - From: Thor (Hammer of God)

References:
- [isalist] Re: Looking for pitfalls
  - From: Thomas W Shinder
- [isalist] Re: Looking for pitfalls
  - From: Thor (Hammer of God)
- [isalist] Re: Looking for pitfalls
  - From: Jim Harrison

[isalist] Re: Looking for pitfalls

Other related posts: