RE: PIX 515e and ISA 2000 (I know, I know)

  • From: "cdx47" <extra_net@xxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 8 Mar 2006 07:44:05 -0700

Ok here goes
Steve: in answer to your question. I have nothing else installed on my ISA
box. Ive been configuring ISA for 3 years now. I bought both of Toms books
so I have some idea of what I am doing.

Tom: You surprise me. I know you are busy so I will forgive for completely
missing the point. I dont have the PIX installed yet. Just ISA.

Alex: Me too. I think that maybe they are so used to being bashed over the
head with the software firewall thing that its just a conditioned reaction
triggered by certain keywords eg: PIX. I want to use ISA I just realise it
has its own limitations. Im sure 2004 overcomes many of them but in the
end its still on a PC running on a general purpose OS. So I wanted to
combine the best of both.

Ho hum

> ... uh.. .what?
> 
> I fail to see how a PIX is easier to use than ISA... and I also fail to =
> understand the whole point, in general. I fail at a lot of things today. =
> May I ask for enlightenment?
> 
> -----Message d'origine-----
> De=A0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=20
> Envoy=E9=A0: 8 mars 2006 08:18
> =C0=A0: [ISAserver.org Discussion List]
> Objet=A0: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> 
> http://www.ISAserver.org
> 
> Here's a core fact you can take to the dopes who think a hardware
> firewall is more secure:
> 
> Security is inversely proportional to ease of use and accessbility
> 
> Therefore, if you can understand the PIX and make it access the content
> your users want, you've proven the PIX is nothing but a security
> illusion and you're doing your company a disservice if you can't prove
> that I'm incorrect.
> 
> BTW -- you have done *nothing* to demonstate that the ISA firewall is
> the problem here.  At this point, I have as much positive proof that the
> pix server is the problem.=20
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=20
> Sent: Wednesday, March 08, 2006 1:03 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> 
> http://www.ISAserver.org
> 
> Now Im really tempted to just remove ISA completely (see below). I
> currently have ISA running on win2k3 sp1. Should I downgrade to win2k?
> It
> seemed to be a little more stable on that OS.
> 
> Again this morning, for no reason DNS stopped responding. I restarted
> the
> DNS service and nothing happened. I checked the ISPs DNS and everything
> was fine. I rebooted ISA and everything came back. Im quite frankly fed
> up
> with this. I know 2004 is supposed to be more stable but I cant justify
> the extra spend especially as most people still think hardware firewall
> equals more secure and Microsoft Firewall equals reboot (in the case of
> ISA 2000 I agree).
> 
> > In that case, please proceed. :)=3D20
> >=20
> >=20
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >=20
> >=20
> > -----Original Message-----
> > From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]=3D20
> > Sent: Tuesday, March 07, 2006 8:31 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> >=20
> > http://www.ISAserver.org
> >=20
> > Well, unless I misread, he asked how to make ISA 2000 and and PIX play
> =3D
> > nice, so it is not entirely irrelevant...
> >=20
> > -----Message d'origine-----
> > De=3DA0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=3D20
> > Envoy=3DE9=3DA0: 7 mars 2006 09:25
> > =3DC0=3DA0: [ISAserver.org Discussion List]
> > Objet=3DA0: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> >=20
> > http://www.ISAserver.org
> >=20
> > You're asking how to configure a dreaded PIX here?=3D20
> >=20
> >=20
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >=20
> >=20
> > -----Original Message-----
> > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D20
> > Sent: Tuesday, March 07, 2006 8:11 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] PIX 515e and ISA 2000 (I know, I know)
> >=20
> > http://www.ISAserver.org
> >=20
> > Hi all
> >=20
> > I didnt really get any answers to my ISA VPN question so I just gave
> up
> > and I will install a PIX. For some reason the ISA VPN connects but I
> > cant
> > see the internal lan. Im not sure if I need a static route on the ISA
> > box
> > or not. But to be honest this is the last straw. Ive been using ISA
> for
> > 3
> > years. Feature wise very good. Configuration very easy.
> Stability.......
> > Anyway I would like to combine the advantages of the PIX (we already
> > have
> > sitting here doing nothing) i.e. hardware VPN, stability, speed and
> ISA
> > 2000 exchange publishing , SMTP protection etc. I want to configure in
> > the
> > simple back to back configuration. Besides turning off Message Guard
> on
> > the PIX how do I get OWA/OMA through the PIX? Any other gotyas' I
> should
> > know about.
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit =3D
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> >=20
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> =3D
> > gauthiera@xxxxxxxxxxxxxxxxx
> > To unsubscribe visit =3D
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> =3D
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit =3D
> > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: =
> gauthiera@xxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx


Other related posts: