[isalist] Re: Microsoft Security Bulletin MS07-049 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Aug 2007 12:35:55 -0700

If the IPsec tunnel terminates in front of ISA, then the traffic hitting
the external interface of ISA from the remote location is "external"
traffic to ISA. You'll have to create publishing rules to allow that
traffic into the internal network, unless you VPN into the ISA box
through the IPsec tunnel.

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Aman Bedi
Sent: Thursday, August 23, 2007 12:15 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Microsoft Security Bulletin MS07-049 - Important:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of
Privilege (937986)

Why not have VPN with ISA instead of the router?

________________________________

From: Jagathese Gnana [mailto:Jagathese@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 23, 2007 2:21 PM
To: tshinder@xxxxxxxxxxx; isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Microsoft Security Bulletin MS07-049 - Important:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of
Privilege (937986)

Dear Thomas,

My name is Jags. I would like to have your expert advice and guidance to
overcome the problem I am facing.

Scenario:

1) I am trying to set up ISA Server 2004 with a hardware firewall
(FortiGate). The hardware firewall is connected to the Internet; the
internal interface of the hardware firewall and the external interface
of the ISA server are on the same network.

2) We have a branch office connected to us using IPsec tunneling to get
connected to the internal network. The tunnel is between the branch
office router and our office router.

3) With the introduction of the ISA server at our end (head office)
between the hardware firewall and the internal network, we have a
situation wherein the IPsec tunnel from the branch terminates in front
of the ISA server, which obviously means the branch office cannot
communicate with the internal network unless something is worked out.

4) I have tried changing the network relationship between the internal
and external interfaces of the ISA server from NAT to route to achieve
some results, as a result of which the internal web proxy clients of the
ISA server cannot connect to the Internet.

5) I have gone through your notes (three chapters) at ISASERVER.ORG,
which provide a solution wherein I can create a new network between the
perimeter network and the internal network and keep a route
relationship, but it really doesn't work.

I would like to have your suggestion on whether there is a way of getting
the packets from the IPsec tunnel clients to the internal network of the
ISA server, or whether publishing the assets of the firm is the only
option.

Eagerly waiting for your response.

________________________________

From: Thomas W Shinder [mailto:]
Sent: Tuesday, August 14, 2007 8:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Microsoft Security Bulletin MS07-049 - Important:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of
Privilege (937986)

This is why we don't put firewalls in VMs:

Microsoft Security Bulletin MS07-049 - Important: Vulnerability in
Virtual PC and Virtual Server Could Allow Elevation of Privilege
(937986):
http://www.microsoft.com/technet/security/Bulletin/ms07-049.mspx