Christmas holiday cheer and relatives, which required some frontal lobe anesthesia to handle the situation. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Sunday, December 04, 2005 11:59 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: To Chain, or Not To Chain? > > http://www.ISAserver.org > > You haven't finished your first cup by 0855? > I'm nearly done with the whole pot by then... > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Sunday, December 04, 2005 9:56 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: To Chain, or Not To Chain? > > http://www.ISAserver.org > > Yes, isn't that what I said? > > Hmmm. That's what I get for not waiting for the first cup of > Joe to kick > in. > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Sunday, December 04, 2005 11:42 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: To Chain, or Not To Chain? > > > > http://www.ISAserver.org > > > > Er - I think you mean "configure only the front-end firewall > > to perform > > name resolution"? > > If the back-end does name resolution, this will slow your ISA > > considerably. > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Sunday, December 04, 2005 8:55 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: To Chain, or Not To Chain? > > > > http://www.ISAserver.org > > > > If you chain, you can authenticate. Otherwise, you use only > IP address > > based access control. > > > > Configure only the back-end ISA firewall to perform name resolution. > > > > Don't enable caching on the front-end ISA firewall. > > > > Now you might say "hey Tom, why not just do Firewall chaining > > if all you > > want is authenticated connections from the back-end" and > that would be > > an excellent question. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > > -----Original Message----- > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > Sent: Sunday, December 04, 2005 1:54 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] To Chain, or Not To Chain? > > > > > > http://www.ISAserver.org > > > > > > So, in a back-to-back ISA config, how do you guys configure > > > web access from > > > the internal network's border ISA server to the edge > > > network's ISA server? > > > Do you tell the internal ISA server to chain to the external > > > ISA server and > > > create an allow rule for 8080, or do you just tell the > > > internal ISA that > > > it's got a direct connection by pointing the external > > > interface gateway to > > > the internal interface of the edge ISA box (with > > > corresponding rules to > > > allow the traffic)?? > > > > > > I've done it both ways, and am just digging for more info as > > > to which method > > > is better than the other and why. > > > > > > t > > > > > > ----- > > > "And yet, even if one person finds his way... that means > > > there is a Way. Even if I personally fail to reach it." > > > > > > Mr. Nobusuke Tagomi > > > Top Place, Ranking Imperial Trade Mission > > > Pacific States of America > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >