Hi CDX, Check out: http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry And http://www.isaserver.org/tutorials/2004isapixdmz.html And http://www.isaserver.org/pages/search.asp?query=netscreen HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: cdx47 [mailto:extra_net@xxxxxxxxxxx] > Sent: Wednesday, March 08, 2006 9:07 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) > > http://www.ISAserver.org > > Thats the annoying thing. Neither of them say anthing is wrong. The OS > logs including DNS have no errors. ISA logs have no errors. > When things > like this happen my boss gets angry with me and says "but > there must be a > reason" and all I can say to him is yes, but since I have > nothing in the > logs and nothing has changed (as far as I know) what can I say. > > Anyway to be honest, going back to my original question, I > just wanted to > know peoples experiences on the board. How do you combine the > excellent > SMTP filtering, OWA publishing etc features of ISA with PIX > raw power and > stability. I would like to use the PIX as the Internet > firewall. I will > turn off message guard and maybe a few others if necessary. I > would like > to use the PIX VPN and still use WinXP clients to connect to it(I have > already tested this). I want for example to to exchange over > HTTP but for > that I either need to upgrade to 2004 or remove ISA and just open the > relevant ports on PIX. Can I do this with ISA 2000 in place > for example. > > I am no longer in troubleshooting mode. I just want a solution that is > "stable" even if it means a little more complication on the way. The > easiest solution would be to remove ISA completely and it is > tempting but > I do know the advantages of ISA. > > What do the logs say?? Both ISA and event.=20 > > > > -----Original Message----- > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=20 > > Sent: Wednesday, March 08, 2006 10:44 AM > > To: ISA Mailing List > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) > > > > http://www.ISAserver.org > > > > Ok here goes > > Steve: in answer to your question. I have nothing else > installed on my > > ISA box. Ive been configuring ISA for 3 years now. I bought > both of Toms > > books so I have some idea of what I am doing. > > > > Tom: You surprise me. I know you are busy so I will forgive for > > completely missing the point. I dont have the PIX installed > yet. Just > > ISA. > > > > Alex: Me too. I think that maybe they are so used to being > bashed over > > the head with the software firewall thing that its just a > conditioned > > reaction triggered by certain keywords eg: PIX. I want to > use ISA I just > > realise it has its own limitations. Im sure 2004 overcomes > many of them > > but in the end its still on a PC running on a general > purpose OS. So I > > wanted to combine the best of both. > > > > Ho hum > > > > > ... uh.. .what? > > >=20 > > > I fail to see how a PIX is easier to use than ISA... and > I also fail=20 > > > to =3D understand the whole point, in general. I fail at > a lot of = > > things > > > > > today. =3D May I ask for enlightenment? > > >=20 > > > -----Message d'origine----- > > > De=3DA0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=3D20 > > > Envoy=3DE9=3DA0: 8 mars 2006 08:18 > > > =3DC0=3DA0: [ISAserver.org Discussion List] > > > Objet=3DA0: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) > > >=20 > > > http://www.ISAserver.org > > >=20 > > > Here's a core fact you can take to the dopes who think a > hardware=20 > > > firewall is more secure: > > >=20 > > > Security is inversely proportional to ease of use and accessbility > > >=20 > > > Therefore, if you can understand the PIX and make it access the=20 > > > content your users want, you've proven the PIX is nothing but a=20 > > > security illusion and you're doing your company a > disservice if you=20 > > > can't prove that I'm incorrect. > > >=20 > > > BTW -- you have done *nothing* to demonstate that the ISA > firewall is=20 > > > the problem here. At this point, I have as much positive > proof that=20 > > > the pix server is the problem.=3D20 > > >=20 > > >=20 > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > >=20 > > >=20 > > > -----Original Message----- > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D20 > > > Sent: Wednesday, March 08, 2006 1:03 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) > > >=20 > > > http://www.ISAserver.org > > >=20 > > > Now Im really tempted to just remove ISA completely (see > below). I=20 > > > currently have ISA running on win2k3 sp1. Should I > downgrade to win2k? > > > It > > > seemed to be a little more stable on that OS. > > >=20 > > > Again this morning, for no reason DNS stopped responding. > I restarted=20 > > > the DNS service and nothing happened. I checked the ISPs > DNS and=20 > > > everything was fine. I rebooted ISA and everything came > back. Im quite > > > > > frankly fed up with this. I know 2004 is supposed to be > more stable=20 > > > but I cant justify the extra spend especially as most > people still=20 > > > think hardware firewall equals more secure and Microsoft > Firewall=20 > > > equals reboot (in the case of ISA 2000 I agree). > > >=20 > > > > In that case, please proceed. :)=3D3D20 =3D20 =3D20 Thomas W = > > Shinder,=20 > > > >M.D. > > > > Site: www.isaserver.org > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > >=3D20 > > > >=3D20 > > > > -----Original Message----- > > > > From: Alexandre Gauthier > [mailto:gauthiera@xxxxxxxxxxxxxxxxx]=3D3D20 > > > > Sent: Tuesday, March 07, 2006 8:31 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I > know) =3D20 = > > > > > >http://www.ISAserver.org =3D20 Well, unless I misread, > he asked how = > > to > > > > > >make ISA 2000 and and PIX play > > > =3D3D > > > > nice, so it is not entirely irrelevant... > > > >=3D20 > > > > -----Message d'origine----- > > > > De=3D3DA0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=3D3D20 > > > > Envoy=3D3DE9=3D3DA0: 7 mars 2006 09:25 > > > > =3D3DC0=3D3DA0: [ISAserver.org Discussion List] > > > > Objet=3D3DA0: [isalist] RE: PIX 515e and ISA 2000 (I > know, I know) = > > =3D20 > > > > > >http://www.ISAserver.org =3D20 You're asking how to > configure a=20 > > > >dreaded PIX here?=3D3D20 =3D20 =3D20 Thomas W Shinder, M.D. > > > > Site: www.isaserver.org > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > >=3D20 > > > >=3D20 > > > > -----Original Message----- > > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D3D20 > > > > Sent: Tuesday, March 07, 2006 8:11 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] PIX 515e and ISA 2000 (I know, I > know) =3D20 =20 > > > >http://www.ISAserver.org =3D20 Hi all =3D20 I didnt > really get any=20 > > > >answers to my ISA VPN question so I just gave > > > up > > > > and I will install a PIX. For some reason the ISA VPN > connects but I > > > > > > cant see the internal lan. Im not sure if I need a > static route on=20 > > > > the ISA box or not. But to be honest this is the last > straw. Ive=20 > > > > been using ISA > > > for > > > > 3 > > > > years. Feature wise very good. Configuration very easy. > > > Stability....... > > > > Anyway I would like to combine the advantages of the > PIX (we already > > > > > > have sitting here doing nothing) i.e. hardware VPN, > stability, speed > > > > > > and > > > ISA > > > > 2000 exchange publishing , SMTP protection etc. I want > to configure=20 > > > > in the simple back to back configuration. Besides turning off=20 > > > > Message Guard > > > on > > > > the PIX how do I get OWA/OMA through the PIX? Any other > gotyas' I > > > should > > > > know about. > > > >=3D20 > > > > ------------------------------------------------------ > > > > List Archives:=20 > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > Discussion List > > as: > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit =3D3D > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D20 =3D20 =3D20 > > > > ------------------------------------------------------ > > > > List Archives:=20 > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > Discussion List > > as: > > > =3D3D > > > > gauthiera@xxxxxxxxxxxxxxxxx > > > > To unsubscribe visit =3D3D > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D20 =3D20 > > > > ------------------------------------------------------ > > > > List Archives:=20 > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > Discussion List > > as: > > > =3D3D > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit =3D3D > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > >=20 > > > ------------------------------------------------------ > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: = > > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit =3D > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > >=20 > > >=20 > > >=20 > > > ------------------------------------------------------ > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: = > > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > > > =3D gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit =3D=20 > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > isalist@xxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >