Re: Thomas Shinder's article on g-to-g vpn, remote location isa/domain controller

From: "Thor" <thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Wed, 26 Nov 2003 09:59:06 -0800
Ni! Ni!

t


----- Original Message ----- 
From: "Adam Staub" <adam.staub@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, November 26, 2003 9:51 AM
Subject: [isalist] Re: Thomas Shinder's article on g-to-g vpn, remote
location isa/domain controller


http://www.ISAserver.org

Wouldn't it cheaper to get a couple of PIX 506e's and tunnel between
them?

Adam

-----Original Message-----
From: Thor [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, November 26, 2003 11:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Thomas Shinder's article on g-to-g vpn, remote
location isa/domain controller


http://www.ISAserver.org

> My company is considering establishing a g-to-g VPN. We are willing to

> put ISA server on the central office, and even another ISA server on
> the remote location, in spite of the fact that the remote location has

> no more than 10 users. Shinder's paper (Joining Networks over the
> Internet with a Gateway to Gateway VPN: ISA Server to Branch Office
> ISA Server/Domain) speaks of a scenario that seems very adequate for
> us, but raises a security question. How secure is it to make the ISA
> server a DC?

Does that paper talk about making the ISA box a DC, or just having a DC
at the remote location?  I thought it was the latter-- besides, you
don't actually have to have a DC at the remote location if you are
setting up point-to-point VPN between locations- only when you need to
have domain members VPN directly into the ISA box does a "local" DC need
to be present.

Regardless, as John stated, it is not recommended.  Get a ghetto box and
make it a DC behind the ISA box.  You'll thank yourself in the end.  (No
comments from the Jim and Tom show on that last statement!)

t


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Adam.Staub@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

*********************************************************************
Note: This E-mail and any attachments may be privileged and confidential and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message
to the intended recipient, you are hereby notified that any disclosure,
copying, distribution or use of this E-mail and any attachments is strictly
prohibited. If you have received this E-mail in error, please notify us
immediately by returning it to the sender and deleting it from your computer
system. Thank you for your cooperation.
**********************************************************************




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Re: Thomas Shinder's article on g-to-g vpn, remote location isa/domain controller

Other related posts:
