That's what I was going to say ;) It's not "multiple domains behind ISA," it's the way you want trust to work within those "multiple domains behind ISA." If you don't have some sort of cross-trust relationship between the domains, only users within the domain that the ISA server is a member of can use rules that require user authentication (including certificates). t ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison Sent: Fri 10/5/2007 12:49 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Looking for pitfalls http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- the question of cross-ISA domain / forest traffic is gonna make you drink (more). -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Friday, October 05, 2007 11:50 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Looking for pitfalls http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Ha! I'll brew a pot on your behalf and I already have the skittles in my desk drawer :) -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of JB Sent: Friday, October 05, 2007 1:37 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Looking for pitfalls http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Brilliant!!! How do I send you a pot of coffee and bag of skittles? ;-) On Oct 5, 2007, at 11:28 AM, Thomas W Shinder wrote: > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > Sounds like an excellent scenario for an article! I'll pound it out > this > weekend. > > Thanks! > > Tom > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of JB > Sent: Friday, October 05, 2007 12:12 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Looking for pitfalls > > I would like to indulge the minds of ISA List on the pitfalls of > having > two separate networks/domains behind one ISA 2006 firewall. > > The main question: How does authentication in ISA 2006 work with two > domains? > > Any thoughts would be greatly appreciated - I should probably rephrase > this ;-) > > Scenario: > Both domains are Windows 2003. > Both domains have Exchange servers publishing OWA etc... > Both domains have users requiring RDP and VPN access All users except > admins are not allowed into opposing network > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: http://www.isaserver.org/ > articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com <http://www.techgenix.com/> > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx