RE: RES: POP3 & SMTP

  • From: "Friese, Casey" <cfriese@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 18 Dec 2002 12:21:06 -0500

I'm using the firewall client on all of my client machines and we also
use ISP provided POP3 from the internet.  Everything works like a charm.
My opinion, which may be different than the list, is not to have all
clients secure nat to the ISA.  All of my clients have a default gateway
set to my cisco router.  
 
If you have more than one physical location that is tied into your
network, making the clients secure nat to the ISA is BS and will cause
headaches.  If you do this then you're left with using the ISA as a
router for intra office communication.
 
My philosphy is this, clients behind the inside (south) nic in the ISA
should have the FW client installed or their web browsers manually
pointed to the IS,. and their default gateways pointed to a cisco
router.  Servers that are published through the ISA should only be your
only secure nat clients, especially in in a DMZ setting.

        -----Original Message-----
        From: cth@xxxxxxxxxxx [mailto:cth@xxxxxxxxxxx] 
        Sent: Wednesday, December 18, 2002 11:53 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: RES: POP3 & SMTP
        
        

        Is it really preferable to make all internal clients SecureNAT
instead of using the firewall client? It would seem that a Windows 2000
box would be a greater point of failure than a Cisco router. Ours has
been down twice now. Once as they fan went bad on the Compaq DL 360 and
once as the power went out on that UPS. In both cases the Exchange
servers that we publish use the ISA server as SecureNAT and the entire
company was shut off from mail. If the ISA server is the def gateway
then if it goes down not much will get done by ALL internal clients,
right? Is this the list view of a best practice (all internal
SecureNAT)? I am just curious as to the thinking.

        Chris 

        -----Original Message----- 
        From: Alex Decarli [mailto:alex@xxxxxxxxxxxxx] 
        Sent: Wednesday, December 18, 2002 7:48 AM 
        To: [ISAserver.org Discussion List] 
        Subject: [isalist] RES: POP3 & SMTP 

        http://www.ISAserver.org 


        First, if you use the firewall client to this purpose, uninstall
it. 
        All client machine should be SecureNAT Clients (Default gateway
should be internal IP address of ISA Server) 
        create a protocol rule called (for example) allow Outlook
Express, select smtp and pop3 protocol and appy to 
        IP addresses of these computers. 
        Create a site and content rule with the destinations of mail
servers.... 

        Hope this Help, 

        ALEX 


        -----Mensagem original----- 
        De: Alex S. Pereira [mailto:9047.alexsp@xxxxxxxxxxxxx] 
        Enviada em: quarta-feira, 18 de dezembro de 2002 09:26 
        Para: [ISAserver.org Discussion List] 
        Assunto: [isalist] POP3 & SMTP 


        http://www.ISAserver.org 


        Hi, 

        I have just created a my first ISA Server, but I have a great
problem, my 
        clients access email via pop3/smtp using Outlook Express, the
clients are 
        behind my ISA Server and the mail server on Internet, I can
access any 
        WebSite but can not access the mail server, the client machine
have 
        Firewall Client installed. 

        Anyone can help me ? 

        Thanks, 

        Alex 

        List Sponsored by Aspelle 
        Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA
server and the Internet to quickly and cost-effectively manage and
deliver secure, client-less access to all corporate applications (Web,
Unix, Windows and legacy systems), for all users.

        More info at http://www.aspelle.com/info 

        ------------------------------------------------------ 
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist 
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp 
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ 
        ------------------------------------------------------ 
        Exchange Server Resource Site: http://www.msexchange.org/ 
        Windows Security Resource Site: http://www.windowsecurity.com/ 
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com 
        ------------------------------------------------------ 
        You are currently subscribed to this ISAserver.org Discussion
List as: alex@xxxxxxxxxxxxx 
        To unsubscribe send a blank email to
$subst('Email.Unsub') 


        List Sponsored by Aspelle 
        Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA
server and the Internet to quickly and cost-effectively manage and
deliver secure, client-less access to all corporate applications (Web,
Unix, Windows and legacy systems), for all users.

        More info at http://www.aspelle.com/info 

        ------------------------------------------------------ 
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist 
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp 
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ 
        ------------------------------------------------------ 
        Exchange Server Resource Site: http://www.msexchange.org/ 
        Windows Security Resource Site: http://www.windowsecurity.com/ 
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com 
        ------------------------------------------------------ 
        You are currently subscribed to this ISAserver.org Discussion
List as: cth@xxxxxxxxxxx 
        To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2002