Ahh, the good old days. Sitting around with my friends getting rid of the weak brain cells. -----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Sunday, December 04, 2005 11:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: To Chain, or Not To Chain? http://www.ISAserver.org Or smoking pot by then ;) ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, December 04, 2005 9:58 AM Subject: [isalist] RE: To Chain, or Not To Chain? > http://www.ISAserver.org > > You haven't finished your first cup by 0855? > I'm nearly done with the whole pot by then... > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Sunday, December 04, 2005 9:56 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: To Chain, or Not To Chain? > > http://www.ISAserver.org > > Yes, isn't that what I said? > > Hmmm. That's what I get for not waiting for the first cup of Joe to kick > in. > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > >> -----Original Message----- >> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] >> Sent: Sunday, December 04, 2005 11:42 AM >> To: [ISAserver.org Discussion List] >> Subject: [isalist] RE: To Chain, or Not To Chain? >> >> http://www.ISAserver.org >> >> Er - I think you mean "configure only the front-end firewall >> to perform >> name resolution"? >> If the back-end does name resolution, this will slow your ISA >> considerably. >> >> -----Original Message----- >> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] >> Sent: Sunday, December 04, 2005 8:55 AM >> To: [ISAserver.org Discussion List] >> Subject: [isalist] RE: To Chain, or Not To Chain? >> >> http://www.ISAserver.org >> >> If you chain, you can authenticate. Otherwise, you use only IP address >> based access control. >> >> Configure only the back-end ISA firewall to perform name resolution. >> >> Don't enable caching on the front-end ISA firewall. >> >> Now you might say "hey Tom, why not just do Firewall chaining >> if all you >> want is authenticated connections from the back-end" and that would be >> an excellent question. >> >> HTH, >> Tom >> >> Thomas W Shinder, M.D. >> Site: www.isaserver.org >> Blog: http://spaces.msn.com/members/drisa/ >> Book: http://tinyurl.com/3xqb7 >> MVP -- ISA Firewalls >> **Who is John Galt?** >> >> >> >> > -----Original Message----- >> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] >> > Sent: Sunday, December 04, 2005 1:54 AM >> > To: [ISAserver.org Discussion List] >> > Subject: [isalist] To Chain, or Not To Chain? >> > >> > http://www.ISAserver.org >> > >> > So, in a back-to-back ISA config, how do you guys configure >> > web access from >> > the internal network's border ISA server to the edge >> > network's ISA server? >> > Do you tell the internal ISA server to chain to the external >> > ISA server and >> > create an allow rule for 8080, or do you just tell the >> > internal ISA that >> > it's got a direct connection by pointing the external >> > interface gateway to >> > the internal interface of the edge ISA box (with >> > corresponding rules to >> > allow the traffic)?? >> > >> > I've done it both ways, and am just digging for more info as >> > to which method >> > is better than the other and why. >> > >> > t >> > >> > ----- >> > "And yet, even if one person finds his way... that means >> > there is a Way. Even if I personally fail to reach it." >> > >> > Mr. Nobusuke Tagomi >> > Top Place, Ranking Imperial Trade Mission >> > Pacific States of America >> > >> > >> > ------------------------------------------------------ >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> > ------------------------------------------------------ >> > Visit TechGenix.com for more information about our other sites: >> > http://www.techgenix.com >> > ------------------------------------------------------ >> > You are currently subscribed to this ISAserver.org Discussion >> > List as: tshinder@xxxxxxxxxxxxxxxxxx >> > To unsubscribe visit >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist >> > Report abuse to listadmin@xxxxxxxxxxxxx >> > >> > >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> jim@xxxxxxxxxxxx >> To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> All mail to and from this domain is GFI-scanned. >> >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion >> List as: tshinder@xxxxxxxxxxxxxxxxxx >> To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.