Hopefully I'll have a chance to read it today... > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones > Sent: Friday, February 01, 2008 6:47 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: Using ISA Server to Extend Server and Domain > Isolation Interoperability > > I remember looking at this document when it first came out and not > being greatly impressed. > > TBH I am sceptical of the whole server and domain isolation model as > from my experience it is actually very hard if not impossible to put > the design into practice unless the customers is willing to spend an > awful lot of money to invest in the time needed to define all the > necessary elements. I've always like the "security clarity" of this > approach, but often fallen at the first hurdle when looking at > implementation. > > Most companies (outside of MS corp) just don't seem to know enough > about their own infrastructure/environment to even begin looking at the > SDI model - often, it is hard enough trying to do internal firewalling > with ISA Server and that is just for a small subset of applications!! > > Have anyone actually implemented an SDI design for a customer? Am I way > off base here or it is actually achievable??? > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros- > bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele > Sent: 30 January 2008 14:19 > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Using ISA Server to Extend Server and Domain > Isolation Interoperability > > Hi, > > did anyone study are try out the guide > http://www.microsoft.com/downloads/details.aspx?FamilyID=589fcf8e-0511- > 4c22- > a39e-6b841dd3c74f&displaylang=en ? > > I'm just starting to read it and it seems not to be very consistent! :- > ( > > If I got it right the External network is the IPsec world (Isolation > Domain) > and the Internal network is the non-IPsec world. The ISA is member of > the > Isolation Domain. > I would expect a NAT relationship from the Internal network (non-IPsec > world) to the External network (IPsec world). However the procedure > given > seems to reverse the direction!?!? > > Further down the guide there is IMHO more inconsistentcy when they talk > about "Creating a Server Publishing Rule". > > Hmm... I'm missing something??? > > Best Regards, > Stefaan > > MVP ISA Server > http://www.isaserver.org/Stefaan_Pouseele/ > http://blogs.isaserver.org/pouseele/ > > > > > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. > If you have received this email in error, or if you believe this email > is unsolicited and wish to be removed from any future mailings, please > contact our Support Desk immediately on 01202 360360 or email > helpdesk@xxxxxxxxxxxxxxxxx > > If this email contains a quotation then unless otherwise stated it is > valid for 7 days and offered subject to Silversands Professional > Services Terms and Conditions, a copy of which is available on request. > Any pricing information, design information or information concerning > specific Silversands' staff contained in this email is considered > confidential or of commercial interest and exempt from the Freedom of > Information Act 2000. > > Any view or opinions presented are solely those of the author and do > not necessarily represent those of Silversands > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. > Company Registration Number : 2141393. >