[isalist] Re: Looking for pitfalls

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 10 Oct 2007 08:30:05 -0700

http://www.ISAserver.org
-------------------------------------------------------

Not at all... it is only an "issue" if you need AD-based authentication
for both domains. If so, then you'll just need to create a trust (one
way will work just fine). What "cross-trust issues" are you referring
to?

t

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of JB
Sent: Wednesday, October 10, 2007 8:07 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls

http://www.ISAserver.org
-------------------------------------------------------
  
So.... All would agree that having two domains behind ISA 2006  
creates enough complexity (for one who does not enjoy cross-trust  
relationship between domains issues) for it to be impractical?

JB


On Oct 8, 2007, at 8:53 AM, Jim Harrison wrote:

> http://www.ISAserver.org
> -------------------------------------------------------
>
> Actually, it's both.
> Domain traffic across ISA is a great reason to increase your  
> illicit substance use.
> Have a peek at the RPC-oriented fixes in ISA; nearly all of them  
> have been driven by domain scenarios; some because of RPC protocol  
> changes in the OS.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- 
> bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Monday, October 08, 2007 8:33 AM
> To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Looking for pitfalls
>
> That's what I was going to say ;)
>
> It's not "multiple domains behind ISA," it's the way you want trust  
> to work within those "multiple domains behind ISA."
>
> If you don't have some sort of cross-trust relationship between the  
> domains, only users within the domain that the ISA server is a  
> member of can use rules that require user authentication (including  
> certificates).
>
> t
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
> Sent: Fri 10/5/2007 12:49 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Looking for pitfalls
>
>
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> the question of cross-ISA domain / forest traffic is gonna make you  
> drink (more).
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- 
> bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Friday, October 05, 2007 11:50 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Looking for pitfalls
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Ha! I'll brew a pot on your behalf and I already have the skittles  
> in my
> desk drawer :)
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- 
> bounce@xxxxxxxxxxxxx]
> On Behalf Of JB
> Sent: Friday, October 05, 2007 1:37 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Looking for pitfalls
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Brilliant!!!
>
> How do I send you a pot of coffee and bag of skittles? ;-)
> On Oct 5, 2007, at 11:28 AM, Thomas W Shinder wrote:
>
>> http://www.ISAserver.org <http://www.isaserver.org/>
>> -------------------------------------------------------
>>
>> Sounds like an excellent scenario for an article! I'll pound it out
>> this
>> weekend.
>>
>> Thanks!
>>
>> Tom
>>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
>> bounce@xxxxxxxxxxxxx]
>> On Behalf Of JB
>> Sent: Friday, October 05, 2007 12:12 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Looking for pitfalls
>>
>> I would like to indulge the minds of ISA List on the pitfalls of
>> having
>> two separate networks/domains behind one ISA 2006 firewall.
>>
>> The main question: How does authentication in ISA 2006 work with two
>> domains?
>>
>> Any thoughts would be greatly appreciated - I should probably  
>> rephrase
>> this ;-)
>>
>> Scenario:
>> Both domains are Windows 2003.
>> Both domains have Exchange servers publishing OWA etc...
>> Both domains have users requiring RDP and VPN access All users except
>> admins are not allowed into opposing network
>>
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials: http://www.isaserver.org/
>> articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com <http://www.techgenix.com/>
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/ 
> articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/ 
> articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/ 
> articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: