RE: VPN - Any thoughts on this?

  • From: Joe Pochedley <JoePochedley@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Oct 2002 13:44:39 -0400

Bryan,

1. If you don't force VPN users to use the default gateway on the VPN's
network, then the remote users are accessing the internet directly, even
while the VPN is active.  Any protection you have set on your firewall is
out the window...   so for instance if they want to connect to Kazaa while
on the VPN, they can, even if you have the Kazaa ports blocked on your ISA
server.  Then if they download a virus-infected file and run it, it will
begin to infect your network shares, etc etc (yes, if you have AV software
in place, you'll catch the infections, etc etc, it's just an example, you
can extrapolate from there)...

2. I can't really comment on this one as we don't use Secure NAT for our
remote VPN users...  All our users are either Firewall or Proxy clients...

Joe Pochedley
"In the end, if you have cables like
spaghetti on the floor and things only
connect when you swear at them, your
network is perfectly normal." - James Gaskin
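
The routing effect described in point 1 above, as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed client routing tables, one with 'use the default gateway on the remote network' unchecked and one with it checked. Interface names, addresses and metrics are sample values, and the table layouts are an assumed model of what a Windows VPN client installs.

```python
import ipaddress

# Constructed routing tables for a remote VPN client: (prefix, interface, metric).
# Option unchecked: only a route to the corporate range goes into the tunnel,
# the ISP default route stays in charge of everything else (split tunnel).
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "isp", 10),
    ("10.0.0.0/8", "vpn", 1),
]
# Option checked: the tunnel installs a preferred default route; only the
# host route to the VPN server itself (sample address) still uses the ISP link.
FORCED_TUNNEL = [
    ("0.0.0.0/0", "vpn", 1),
    ("0.0.0.0/0", "isp", 20),
    ("10.0.0.0/8", "vpn", 1),
    ("203.0.113.1/32", "isp", 1),
]

def egress(routes, dest):
    """Return the interface a packet to dest leaves on.

    Longest prefix wins; ties are broken by the lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

def bypasses_firewall(routes, vpn_iface="vpn", probe="198.51.100.7"):
    """True when the tunnel is up but internet-bound traffic avoids it.

    In that state the client reaches the internet without passing the
    corporate firewall while it can also reach internal hosts.
    """
    tunnel_up = any(iface == vpn_iface for _, iface, _ in routes)
    return tunnel_up and egress(routes, probe) != vpn_iface

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("forced", FORCED_TUNNEL)):
        print(name, "internet via", egress(table, "198.51.100.7"),
              "| internal via", egress(table, "10.1.2.3"),
              "| bypasses firewall:", bypasses_firewall(table))
```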



 -----Original Message-----
From:   Bryan Andrews  
Sent:   Wednesday, October 09, 2002 12:43 PM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] VPN

http://www.ISAserver.org


I've read the article about vpn by Thomas:
http://www.isaserver.org/pages/article.asp?id=232

And I have a couple of questions if anyone would like to respond:

1. I am operating under the assumption that if you choose to uncheck 'use
the default gateway on the remote network' then you are putting your remote
network at risk as the remote user is then connected to the internet at
their isp and theoretically could expose your network.
2. I don't really understand why you need to use a proxy for http if you are
'using the default gateway on the remote network'. Seems self explanatory.
3. Lastly, how should users connect IM when they are connected via vpn or
use any other internet protocols? 

I have never used proxy as all my clients have been secure nat. I'd like the
users to be able to work as they always do when connected.

Any thoughts on this are appreciated. Thanks.


 -----Original Message-----
From:   Quillman Shawn (RBNA/CIT7) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent:   Wednesday, October 09, 2002 12:27 PM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] Re: Changing log file location.




I'm assuming the new folder exists :)

Check the permissions on the new folder and the logs themselves (if you
copied them from the default log folder).  If ISA can't access them then
there would be issues.  If you did copy the logs into the new folder have
you tried starting the services without anything in the folder and letting
ISA create a new log file?

Also the logs must be on a local volume.  I think I remember you saying that
this is the case, but can't remember for sure.

I'll keep thinking, too.  These are fairly obvious suggestions.....

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT7
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: itmail@xxxxxxxxxx [mailto:itmail@xxxxxxxxxx]
Sent: Wednesday, October 09, 2002 11:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Changing log file location.




Yes, after changing log location I restarted service and they would not
come back till I set the log location back to default.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')








