Is there another place I might be able to view; http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry I've been following this thread and I'm unable to view the potential solution. The reason? I have blocked "spaces" since this is a k-12 district. I would view this at home but I've just finish (almost) building a house and I've yet to setup my computers. No biggie, just curious... William -----Original Message----- From: cdx47 [mailto:extra_net@xxxxxxxxxxx] Sent: Wednesday, March 08, 2006 09:22 To: [ISAserver.org Discussion List] Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)[Scanned] http://www.ISAserver.org Now this: "http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry"; is more like it, I havent seen before and looks like its required readin. I have already done much of the same troubleshooting with nslookup etc. The isapix stuff Ive seen before. I will have a look at the netscreen stuff. Thanks > Hi CDX, > > Check out: > > http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!392.entry > > And > http://www.isaserver.org/tutorials/2004isapixdmz.html > > And > http://www.isaserver.org/pages/search.asp?query=3Dnetscreen > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > =20 > > > -----Original Message----- > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=20 > > Sent: Wednesday, March 08, 2006 9:07 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) =20 > >http://www.ISAserver.org =20 Thats the annoying thing. Neither of > >them say anthing is wrong. The OS logs including DNS have no errors. > >ISA logs have no errors.=20 When things like this happen my boss > >gets angry with me and says "but=20 there must be a reason" and all > >I can say to him is yes, but since I have=20 nothing in the logs > >and nothing has changed (as far as I know) what can I say. > >=20 > > Anyway to be honest, going back to my original question, I=20 just > >wanted to know peoples experiences on the board. How do you combine > >the=20 excellent SMTP filtering, OWA publishing etc features of ISA > >with PIX=20 raw power and stability. I would like to use the PIX as > >the Internet=20 firewall. I will turn off message guard and maybe a > >few others if necessary. I=20 would like to use the PIX VPN and > >still use WinXP clients to connect to it(I have already tested > >this). I want for example to to exchange over=20 HTTP but for that > >I either need to upgrade to 2004 or remove ISA and just open the > >relevant ports on PIX. Can I do this with ISA 2000 in place=20 for > >example. > >=20 > > I am no longer in troubleshooting mode. I just want a solution that > >is "stable" even if it means a little more complication on the way. > >The easiest solution would be to remove ISA completely and it is=20 > >tempting but I do know the advantages of ISA. > > > What do the logs say?? Both ISA and event.=3D20 =20 > > >-----Original Message----- > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D20 > > > Sent: Wednesday, March 08, 2006 10:44 AM > > > To: ISA Mailing List > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) =20 > > >http://www.ISAserver.org =20 Ok here goes > > > Steve: in answer to your question. I have nothing else=20 > > installed on my > > > ISA box. Ive been configuring ISA for 3 years now. I bought=20 > > both of Toms > > > books so I have some idea of what I am doing. > > >=20 > > > Tom: You surprise me. I know you are busy so I will forgive for > > >completely missing the point. I dont have the PIX installed=20 > > yet. Just > > > ISA. > > >=20 > > > Alex: Me too. I think that maybe they are so used to being=20 > > bashed over > > > the head with the software firewall thing that its just a=20 > > conditioned > > > reaction triggered by certain keywords eg: PIX. I want to=20 > > use ISA I just > > > realise it has its own limitations. Im sure 2004 overcomes=20 > > many of them > > > but in the end its still on a PC running on a general=20 > > purpose OS. So I > > > wanted to combine the best of both. > > >=20 > > > Ho hum > > >=20 > > > > ... uh.. .what? > > > >=3D20 > > > > I fail to see how a PIX is easier to use than ISA... and=20 > > I also fail=3D20 > > > > to =3D3D understand the whole point, in general. I fail at=20 > > a lot of =3D > > > things > > >=20 > > > > today. =3D3D May I ask for enlightenment? > > > >=3D20 > > > > -----Message d'origine----- > > > > De=3D3DA0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=3D3D20 > > > > Envoy=3D3DE9=3D3DA0: 8 mars 2006 08:18 > > > > =3D3DC0=3D3DA0: [ISAserver.org Discussion List] > > > > Objet=3D3DA0: [isalist] RE: PIX 515e and ISA 2000 (I know, I > > > >know) =3D20 http://www.ISAserver.org =3D20 Here's a core fact > > > >you can take to the dopes who think a=20 > > hardware=3D20 > > > > firewall is more secure: > > > >=3D20 > > > > Security is inversely proportional to ease of use and > > > >accessbility =3D20 Therefore, if you can understand the PIX and > > > >make it access = > the=3D20 > > > > content your users want, you've proven the PIX is nothing but = > a=3D20 > > > > security illusion and you're doing your company a=20 > > disservice if you=3D20 > > > > can't prove that I'm incorrect. > > > >=3D20 > > > > BTW -- you have done *nothing* to demonstate that the ISA=20 > > firewall is=3D20 > > > > the problem here. At this point, I have as much positive=20 > > proof that=3D20 > > > > the pix server is the problem.=3D3D20 =3D20 =3D20 Thomas W > > > >Shinder, M.D. > > > > Site: www.isaserver.org > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > >=3D20 > > > >=3D20 > > > > -----Original Message----- > > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D3D20 > > > > Sent: Wednesday, March 08, 2006 1:03 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know) > > > >=3D20 http://www.ISAserver.org =3D20 Now Im really tempted to > > > >just remove ISA completely (see=20 > > below). I=3D20 > > > > currently have ISA running on win2k3 sp1. Should I=20 > > downgrade to win2k? > > > > It > > > > seemed to be a little more stable on that OS. > > > >=3D20 > > > > Again this morning, for no reason DNS stopped responding.=20 > > I restarted=3D20 > > > > the DNS service and nothing happened. I checked the ISPs=20 > > DNS and=3D20 > > > > everything was fine. I rebooted ISA and everything came=20 > > back. Im quite > > >=20 > > > > frankly fed up with this. I know 2004 is supposed to be=20 > > more stable=3D20 > > > > but I cant justify the extra spend especially as most=20 > > people still=3D20 > > > > think hardware firewall equals more secure and Microsoft=20 > > Firewall=3D20 > > > > equals reboot (in the case of ISA 2000 I agree). > > > >=3D20 > > > > > In that case, please proceed. :)=3D3D3D20 =3D3D20 =3D3D20 = > Thomas W =3D > > > Shinder,=3D20 > > > > >M.D. > > > > > Site: www.isaserver.org > > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > > Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls =3D3D20 > > > > >=3D3D20 -----Original Message----- > > > > > From: Alexandre Gauthier=20 > > [mailto:gauthiera@xxxxxxxxxxxxxxxxx]=3D3D3D20 > > > > > Sent: Tuesday, March 07, 2006 8:31 AM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I=20 > > know) =3D3D20 =3D > > >=20 > > > > >http://www.ISAserver.org =3D3D20 Well, unless I misread,=20 > > he asked how =3D > > > to > > >=20 > > > > >make ISA 2000 and and PIX play > > > > =3D3D3D > > > > > nice, so it is not entirely irrelevant... > > > > >=3D3D20 > > > > > -----Message d'origine----- > > > > > De=3D3D3DA0: Thomas W Shinder = > [mailto:tshinder@xxxxxxxxxxx]=3D3D3D20 > > > > > Envoy=3D3D3DE9=3D3D3DA0: 7 mars 2006 09:25 > > > > > =3D3D3DC0=3D3D3DA0: [ISAserver.org Discussion List] > > > > > Objet=3D3D3DA0: [isalist] RE: PIX 515e and ISA 2000 (I=20 > > know, I know) =3D > > > =3D3D20 > > >=20 > > > > >http://www.ISAserver.org =3D3D20 You're asking how to=20 > > configure a=3D20 > > > > >dreaded PIX here?=3D3D3D20 =3D3D20 =3D3D20 Thomas W Shinder, = > M.D. > > > > > Site: www.isaserver.org > > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > > Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls =3D3D20 > > > > >=3D3D20 -----Original Message----- > > > > > From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=3D3D3D20 > > > > > Sent: Tuesday, March 07, 2006 8:11 AM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] PIX 515e and ISA 2000 (I know, I=20 > > know) =3D3D20 =3D20 > > > > >http://www.ISAserver.org =3D3D20 Hi all =3D3D20 I didnt=20 > > really get any=3D20 > > > > >answers to my ISA VPN question so I just gave > > > > up > > > > > and I will install a PIX. For some reason the ISA VPN=20 > > connects but I > > >=20 > > > > > cant see the internal lan. Im not sure if I need a=20 > > static route on=3D20 > > > > > the ISA box or not. But to be honest this is the last=20 > > straw. Ive=3D20 > > > > > been using ISA > > > > for > > > > > 3 > > > > > years. Feature wise very good. Configuration very easy. > > > > Stability....... > > > > > Anyway I would like to combine the advantages of the=20 > > PIX (we already > > >=20 > > > > > have sitting here doing nothing) i.e. hardware VPN,=20 > > stability, speed > > >=20 > > > > > and > > > > ISA > > > > > 2000 exchange publishing , SMTP protection etc. I want=20 > > to configure=3D20 > > > > > in the simple back to back configuration. Besides turning = > off=3D20 > > > > > Message Guard > > > > on > > > > > the PIX how do I get OWA/OMA through the PIX? Any other=20 > > gotyas' I > > > > should > > > > > know about. > > > > >=3D3D20 > > > > > ------------------------------------------------------ > > > > > List Archives:=3D20 > > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: =3D3D > > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List > > > as: > > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > > To unsubscribe visit =3D3D3D > > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D3D20 =3D3D20 > > > > >=3D3D20 > > > > > ------------------------------------------------------ > > > > > List Archives:=3D20 > > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: =3D3D > > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List > > > as: > > > > =3D3D3D > > > > > gauthiera@xxxxxxxxxxxxxxxxx > > > > > To unsubscribe visit =3D3D3D > > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D3D20 =3D3D20 > > > > > ------------------------------------------------------ > > > > > List Archives:=3D20 > > > > >http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: =3D3D > > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3D3DFAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List > > > as: > > > > =3D3D3D > > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > > To unsubscribe visit =3D3D3D > > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3D3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > >=3D20 > > > > ------------------------------------------------------ > > > > List Archives:=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit =3D3D > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx =3D20 =3D20 =3D20 > > > > ------------------------------------------------------ > > > > List Archives:=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: =3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > >=20 > > > > =3D3D gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit > > > > =3D3D=3D20 > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > >=20 > > > ------------------------------------------------------ > > > List Archives: = > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ:=20 > > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > > isalist@xxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > >http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion=20 > >List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit=20 > >http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > Report abuse to listadmin@xxxxxxxxxxxxx =20 =20 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wrascher@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx