[isalist] Re: Microsoft Security Bulletin MS07-049 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

  • From: Jagathese Gnana <Jagathese@xxxxxxxxxxxxxxxxxxx>
  • To: tshinder@xxxxxxxxxxx, isalist@xxxxxxxxxxxxx
  • Date: Thu, 23 Aug 2007 20:21:25 +0200

Dear Thomas,

My name is Jags. I would like to have your expert advice and guidance to
overcome the problem I am facing.

Scenario:

1) I am trying to set up ISA Server 2004 with a hardware firewall
(FortiGate). The hardware firewall is connected to the Internet; the
internal interface of the hardware firewall and the external interface of
the ISA server are on the same network.

2) We have a branch office connected to us using IPsec tunneling to
get connected to the internal network. The tunnel is between the branch
office router and our office router.

3) With the introduction of the ISA server at our end (head office)
between the hardware firewall and the internal network, we have a situation
wherein the IPsec tunnel from the branch terminates in front of the ISA
server, which obviously means the branch office cannot communicate with the
internal network unless something is worked out.

4) I have tried changing the network relationship between the internal
and external interfaces of the ISA server to route from NAT to achieve some
results, as a result of which the internal web proxy clients of the ISA
server cannot connect to the Internet.

5) I have gone through your notes having 3 chapters at ISASERVER.ORG,
which provide a solution wherein I can create a new network between the
perimeter network and the internal network and keep a route relationship,
but it really doesn't work.

I would like to have your suggestion if there is a way of getting the
packets from the IPsec tunnel clients to the internal network of the ISA
server, or is publishing the assets of the firm the only option.

Eagerly waiting for your response.

  _____  

From: Thomas W Shinder [mailto:] 
Sent: Tuesday, August 14, 2007 8:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Microsoft Security Bulletin MS07-049 - Important:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of
Privilege (937986)

 

This is why we don't put Firewalls in VMs:

Microsoft Security Bulletin MS07-049 - Important: Vulnerability in Virtual
PC and Virtual Server Could Allow Elevation of Privilege (937986):
http://www.microsoft.com/technet/security/Bulletin/ms07-049.mspx