Re: a problem with secureNAT client

  • From: "Dan Gabbard" <intellihome@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Aug 2003 09:31:30 -0700

You have confirmed my suspicions, thank you very much.


      Dan


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, August 06, 2003 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: a problem with secureNAT client

http://www.ISAserver.org


Hi Dan,

Great questions! 

Sounds like you're using your ISP's DNS servers for your forwarders on
your internal DNS servers. You can switch the config so that the
internal DNS server use the firewall as their forwarder instead, and
then configure the caching-only DNS server running on the firewall to
use your ISP's DNS servers as forwarders. You can also use high-quality
3rd party DNS services that are "off network" for fault tolerance for
your forwarders. I believe John Tolmachoff offers this kind of service
at a reasonable price. I mention this because I've had an ISP have all
its DNS servers go offline for awhile. Now I use redundant forwarders on
different networks.

I would say that its more secure to have the caching-only DNS server
contacting Internet DNS servers, whether it's a forwarder or otherwise.
In that way, you insure that no external host has direct contact with
your internal boxes.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Dan Gabbard [mailto:intellihome@xxxxxxxxxxx] 
Sent: Wednesday, August 06, 2003 9:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: a problem with secureNAT client


http://www.ISAserver.org



Great article Tom, thanks. I've been using forwarders on my inside DNS
but
may change it to use the caching only DNS on ISA. If I'm only using
forwarders, pointing to my ISP's DNS servers, on the inside DNS server
is
that more/less/equivalent secure than having it forward the requests to
a
caching only DNS server on ISA?

      Dan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, August 06, 2003 7:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: a problem with secureNAT client

http://www.ISAserver.org


Hey guys,

Check out:

http://isaserver.org/articles/snatdns.html

I think this might help solve a common problem with name resolution in
smaller environments.

HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: shane mullins [mailto:tsmullins@xxxxxxxxxxxxxx] 
Sent: Wednesday, August 06, 2003 7:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: a problem with secureNAT client


http://www.ISAserver.org


check your dns.  with the secure nat client the workstation must be able
to
resolve dns on its own.

shane

----- Original Message ----- 
From: "Amir" <amir_7031@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, August 05, 2003 7:08 PM
Subject: [isalist] a problem with secureNAT client


> http://www.ISAserver.org
>
>
>
>   Hello,
>
>   I have a ISA server in my home network.i have no DHCP server.i want
to
> configure a client to be secureNAT,bat i couldn't.when i configure
default
> Gateway to ISA server IP on client ,it computer can not ping the IP on
the
> external subnet such as Internet and i can not see any web page from
> client.Please help me.
>
> Thanks
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
tsmullins@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
>
>
>


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
intellihome@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
intellihome@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2003