http://www.ISAserver.org ------------------------------------------------------- Not at all... it is only an "issue" if you need AD-based authentication for both domains. If so, then you'll just need to create a trust (one way will work just fine). What "cross-trust issues" are you referring to? t -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of JB Sent: Wednesday, October 10, 2007 8:07 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Looking for pitfalls http://www.ISAserver.org ------------------------------------------------------- So.... All would agree that having two domains behind ISA 2006 creates enough complexity (for one who does not enjoy cross-trust relationship between domains issues) for it to be impractical? JB On Oct 8, 2007, at 8:53 AM, Jim Harrison wrote: > http://www.ISAserver.org > ------------------------------------------------------- > > Actually, it's both. > Domain traffic across ISA is a great reason to increase your > illicit substance use. > Have a peek at the RPC-oriented fixes in ISA; nearly all of them > have been driven by domain scenarios; some because of RPC protocol > changes in the OS. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) > Sent: Monday, October 08, 2007 8:33 AM > To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Looking for pitfalls > > That's what I was going to say ;) > > It's not "multiple domains behind ISA," it's the way you want trust > to work within those "multiple domains behind ISA." > > If you don't have some sort of cross-trust relationship between the > domains, only users within the domain that the ISA server is a > member of can use rules that require user authentication (including > certificates). > > t > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison > Sent: Fri 10/5/2007 12:49 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Looking for pitfalls > > > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > the question of cross-ISA domain / forest traffic is gonna make you > drink (more). > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Friday, October 05, 2007 11:50 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Looking for pitfalls > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > Ha! I'll brew a pot on your behalf and I already have the skittles > in my > desk drawer :) > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of JB > Sent: Friday, October 05, 2007 1:37 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Looking for pitfalls > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > Brilliant!!! > > How do I send you a pot of coffee and bag of skittles? ;-) > On Oct 5, 2007, at 11:28 AM, Thomas W Shinder wrote: > >> http://www.ISAserver.org <http://www.isaserver.org/> >> ------------------------------------------------------- >> >> Sounds like an excellent scenario for an article! I'll pound it out >> this >> weekend. >> >> Thanks! >> >> Tom >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- >> bounce@xxxxxxxxxxxxx] >> On Behalf Of JB >> Sent: Friday, October 05, 2007 12:12 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Looking for pitfalls >> >> I would like to indulge the minds of ISA List on the pitfalls of >> having >> two separate networks/domains behind one ISA 2006 firewall. >> >> The main question: How does authentication in ISA 2006 work with two >> domains? >> >> Any thoughts would be greatly appreciated - I should probably >> rephrase >> this ;-) >> >> Scenario: >> Both domains are Windows 2003. >> Both domains have Exchange servers publishing OWA etc... >> Both domains have users requiring RDP and VPN access All users except >> admins are not allowed into opposing network >> >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: http://www.isaserver.org/ >> articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com <http://www.techgenix.com/> >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com <http://www.techgenix.com/> > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: http://www.isaserver.org/ > articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com <http://www.techgenix.com/> > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: http://www.isaserver.org/ > articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com <http://www.techgenix.com/> > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: http://www.isaserver.org/ > articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx