RE: To Chain, or Not To Chain?

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 4 Dec 2005 11:53:20 -0800

Ahh, the good old days.
Sitting around with my friends getting rid of the weak brain cells.

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Sunday, December 04, 2005 11:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: To Chain, or Not To Chain?

http://www.ISAserver.org

Or smoking pot by then ;)


----- Original Message ----- 
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, December 04, 2005 9:58 AM
Subject: [isalist] RE: To Chain, or Not To Chain?


> http://www.ISAserver.org
>
> You haven't finished your first cup by 0855?
> I'm nearly done with the whole pot by then...
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, December 04, 2005 9:56 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: To Chain, or Not To Chain?
>
> http://www.ISAserver.org
>
> Yes, isn't that what I said?
>
> Hmmm. That's what I get for not waiting for the first cup of Joe to
kick
> in.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
>> -----Original Message-----
>> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
>> Sent: Sunday, December 04, 2005 11:42 AM
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] RE: To Chain, or Not To Chain?
>>
>> http://www.ISAserver.org
>>
>> Er - I think you mean "configure only the front-end firewall
>> to perform
>> name resolution"?
>> If the back-end does name resolution, this will slow your ISA
>> considerably.
>>
>> -----Original Message-----
>> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
>> Sent: Sunday, December 04, 2005 8:55 AM
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] RE: To Chain, or Not To Chain?
>>
>> http://www.ISAserver.org
>>
>> If you chain, you can authenticate. Otherwise, you use only IP
address
>> based access control.
>>
>> Configure only the back-end ISA firewall to perform name resolution.
>>
>> Don't enable caching on the front-end ISA firewall.
>>
>> Now you might say "hey Tom, why not just do Firewall chaining
>> if all you
>> want is authenticated connections from the back-end" and that would
be
>> an excellent question.
>>
>> HTH,
>> Tom
>>
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://spaces.msn.com/members/drisa/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>> **Who is John Galt?**
>>
>>
>>
>> > -----Original Message-----
>> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
>> > Sent: Sunday, December 04, 2005 1:54 AM
>> > To: [ISAserver.org Discussion List]
>> > Subject: [isalist] To Chain, or Not To Chain?
>> >
>> > http://www.ISAserver.org
>> >
>> > So, in a back-to-back ISA config, how do you guys configure
>> > web access from
>> > the internal network's border ISA server to the edge
>> > network's ISA server?
>> > Do you tell the internal ISA server to chain to the external
>> > ISA server and
>> > create an allow rule for 8080, or do you just tell the
>> > internal ISA that
>> > it's got a direct connection by pointing the external
>> > interface gateway to
>> > the internal interface of the edge ISA box (with
>> > corresponding rules to
>> > allow the traffic)??
>> >
>> > I've done it both ways, and am just digging for more info as
>> > to which method
>> > is better than the other and why.
>> >
>> > t
>> >
>> > -----
>> > "And yet, even if one person finds his way... that means
>> > there is a Way.  Even if I personally fail to reach it."
>> >
>> > Mr. Nobusuke Tagomi
>> > Top Place, Ranking Imperial Trade Mission
>> > Pacific States of America
>> >
>> >
>> > ------------------------------------------------------
>> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> > ------------------------------------------------------
>> > Visit TechGenix.com for more information about our other sites:
>> > http://www.techgenix.com
>> > ------------------------------------------------------
>> > You are currently subscribed to this ISAserver.org Discussion
>> > List as: tshinder@xxxxxxxxxxxxxxxxxx
>> > To unsubscribe visit
>> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> > Report abuse to listadmin@xxxxxxxxxxxxx
>> >
>> >
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> jim@xxxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion
>> List as: tshinder@xxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?
• » RE: To Chain, or Not To Chain?

1. Home
2. isalist
3. Archive
4. 12-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---