[isalist] Re: Looking for pitfalls
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 8 Oct 2007 10:50:31 -0500
Ah yes. User (client) certificate authentication for even inbound
scenarios is going to be horked. Forgot about that one.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Monday, October 08, 2007 10:33 AM
To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls
That's what I was going to say ;)
It's not "multiple domains behind ISA," it's the way you want
trust to work within those "multiple domains behind ISA."
If you don't have some sort of cross-trust relationship between
the domains, only users within the domain that the ISA server is a
member of can use rules that require user authentication (including
certificates).
t
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Fri 10/5/2007 12:49 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
the question of cross-ISA domain / forest traffic is gonna make
you drink (more).
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Friday, October 05, 2007 11:50 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Ha! I'll brew a pot on your behalf and I already have the
skittles in my
desk drawer :)
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of JB
Sent: Friday, October 05, 2007 1:37 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Looking for pitfalls
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Brilliant!!!
How do I send you a pot of coffee and bag of skittles? ;-)
On Oct 5, 2007, at 11:28 AM, Thomas W Shinder wrote:
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Sounds like an excellent scenario for an article! I'll pound
it out
> this
> weekend.
>
> Thanks!
>
> Tom
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of JB
> Sent: Friday, October 05, 2007 12:12 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Looking for pitfalls
>
> I would like to indulge the minds of ISA List on the pitfalls
of
> having
> two separate networks/domains behind one ISA 2006 firewall.
>
> The main question: How does authentication in ISA 2006 work
with two
> domains?
>
> Any thoughts would be greatly appreciated - I should probably
rephrase
> this ;-)
>
> Scenario:
> Both domains are Windows 2003.
> Both domains have Exchange servers publishing OWA etc...
> Both domains have users requiring RDP and VPN access All users
except
> admins are not allowed into opposing network
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/
> articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other
sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
