RE: VPN through a PIX to an ISA Server 2004

  • From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Jul 2005 13:35:34 -0500

Once again I'm impressed that people don't want to use multiple layers
in defense..... =?(  

ACL's are an easy way of mass screening traffic that flows into your
network....  With a few minutes of typing, you can screen out just about
everything you don't want coming in, to leave the ISA to do the job it
does best, payload inspection......

You could have just pointed him to Cisco's web page, and all the
documentation you could ever want is located right there.  Plenty of
bathroom reading there too about security in depth and layered
approaches.  Even if you don't agree with it, it is something you should
understand.


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Friday, July 08, 2005 1:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN through a PIX to an ISA Server 2004


http://www.ISAserver.org

The first correct thing that you have uttered...I'm impressed....:)) 

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, July 08, 2005 3:08 PM
To: ISA Mailing List
Subject: [isalist] RE: VPN through a PIX to an ISA Server 2004

http://www.ISAserver.org

Do this:

Internet - ISA Server - LAN

Or 

Internet - PIX (open all ports to ISA Server) - ISA Server - LAN

Andrew ;)


-----Original Message-----
From: Peter [mailto:pladd@xxxxxxxx]
Sent: Friday, July 08, 2005 11:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN through a PIX to an ISA Server 2004

http://www.ISAserver.org

Greetings,

I have a PIX 515e running the latest IOS (7.0).  I am setting up a back
to back scenario where the PIX is the perimeter firewall with the
ISA2004 connected to the inside interface of the PIX.  I am able to pass
SMTP and Web Traffic fine.  However, I want to use the ISA as VPN
server.  Thus, I need the PIX to allow the VPN traffic through to the
ISA Server so that it can authenticate and created the tunnel.  Here is
my config

Internet - PIX - ISA Server - LAN

PIX external:  x.x.x.166  PIX Internal 10.0.10.1 ISA exteranl:
10.0.10.2  ISA Internal 192.168.50.3

I guess what I really need is the commands/Caveats to allow the PIX to
pass the vpn traffic.

Any suggestion or comments welcome and appreciated.

Thank you 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2005