Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: MS KB951748 - Causing Issue with VPN for FW Client Users?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 29.Jul.2008 11:48:15 AM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Hi Tom,
Since you're an IT Guy that's a good guess that I'm already extremely busy :) My life in IT is yes, BUSY, but providing assistance with problems like these to Microsoft or the IT community is something I feel compelled to do. Especially since there are many others in the community that are great about sharing solutions to troublesome problems which helps us all out.
Do you have a magic wand that you could wave that would solve all of IT's problems? Oh wait then there would be no need for IT folks :) Nevermind that thought.
Thanks!
Mike Driest
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 30.Jul.2008 12:33:30 PM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Hi Tom,
Haha that's too funny!
We have a set of PIX Firewalls on the Front End and they're good for blocking your standard garbage attacks, but our Production ISA Firewalls are the Back End brains of the operation so I consider myself an ISA Firewall Admin NOT a Hardware Firewall Admin.
I never like placing all of my eggs in one basket. Back to Back ISA is ugly as it doesn't permit two way NAT with multiple IP Addresses maybe MS will fix that someday.
Mike Driest
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 5.Aug.2008 9:07:39 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
That's the point. Use the right tools to get the desired results. The "hardware" v. "software" debate is over -- all devices use both.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 5.Aug.2008 2:58:53 PM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
I would hope that the "hardware" vs. "software" debate is over because you're exactly right - all devices use both.
I'd consider the Cisco PIX or ASA to be an appliance because it uses hardware and software.
Now our ISA Servers I don't consider an appliance since they're servers from an OEM running Microsoft Windows Server 2003 and finally ISA Server 2006 Enterprise (we sourced, installed and configured ourselves). It is good to see though that ISA Servers are being sold as appliances.
Have you had experience with ISA appliances?
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 7.Aug.2008 7:11:52 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Mike,
I've used a few different ISA appliances and really like the Celestix offerings. The nice thing about appliances is that you have a one stop shop for hardware and software support. So, I don't have to call MS for ISA and Windows assistance and another vendor to get a replacement unit if the one I have fails. Celestix also has a nice bare metal recovery system so you can get back up to speed pretty quick if you want to crater the box (or if the box has been crated for you) and start over.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 7.Aug.2008 9:34:41 AM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Good to hear in regards to Celestix. About 3 years ago I stumbled across them but we've decided to stick with our server vendor and layer ISA on top of that.
Do the Celestix appliances have any sort of lights-out remote management capability like HP's Integrated Lights-Out (iLO) or Dell's Remote Access Controller (RAC)?
Thanks!
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 11.Aug.2008 12:45:17 PM
|
|
|
celestix_rhicks
Posts: 3
Joined: 22.May2008
Status: offline
|
Hi Mike,
None of our Celestix appliances include any sort of 'lights out' management such as HP's ILO. We have not had many customers request this feature, and honestly with an appliance such as our it really isn't a requirement. Our appliances are designed to be operated 'headless', and as such you can configure the system from the front panel using the jog dial. If there are catastrophic issues, you can restore the unit from either a 'last good version' (an image that you create of your fully configured appliance), or the factory default image.
_____________________________
Richard Hicks
Celestix Networks, Inc.
http://www.celestix.com/
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 11.Aug.2008 1:15:56 PM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Hello Richard,
The reason I ask about the lights out feature is because if you run into a hard server crash (blue screen of death) or other crash where the server isn't pingable or able to be managed using conventional methods. With Dell's RAC they provide a dedicated NIC (completely seperate from OS) where you could start or restart the server remotely along with the ability to interact with the server using a virtual console.
I will say that this feature is rarely ever used with our Production ISA Servers but it is used with other Production Servers. Having the option is great peace of mind knowing I could try to resolve an issue remotely without the requirement to physically be at the server which would involve driving into the office after hours or on a weekend.
It's good that the appliances are designed to be "headless" and configuration from the Front Panel is definitely a benefit.
Thanks for the information!
Mike Driest
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 11.Aug.2008 8:11:53 PM
|
|
|
celestix_rhicks
Posts: 3
Joined: 22.May2008
Status: offline
|
Hi Mike,
As a veteran of many years as a systems engineer for a large financial services company, I have supported thousands of servers at various remote locations and definitely know the value of ILO. I'll suggest this feature to our product management team, and if enough people ask for it, it will be a feature eventually. : )
Thanks!
_____________________________
Richard Hicks
Celestix Networks, Inc.
http://www.celestix.com/
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 12.Aug.2008 9:10:33 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Richard,
Another thing to consider is Intel vPro. A lot of servers have this feature but the admins don't turn it on. vPro can give you that kind of "lights out" support too.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 12.Aug.2008 9:18:14 AM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
I hadn't heard back from MS/ISA Product Team on this so I sent a quick follow up email today.
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 13.Aug.2008 12:47:45 PM
|
|
|
Jason Jones
Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
quote:
ORIGINAL: celestix_rhicks
Hi Mike,
As a veteran of many years as a systems engineer for a large financial services company, I have supported thousands of servers at various remote locations and definitely know the value of ILO. I'll suggest this feature to our product management team, and if enough people ask for it, it will be a feature eventually. : )
Thanks!
Hi Richard,
I think it would be a good addition to the feature set.
As an alterantive, how about conneting an existing server which does have ILO to the console connection on the celestix appliance - would this work?
Cheers
JJ
_____________________________
Jason Jones (MVP)
Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/
Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 15.Aug.2008 8:53:29 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Have you guys checked into the Intel vPro feature set? I think that vPro might give us a lot more "lights out" functionality than what HP has to offer. Its *very* cool and something I've been studying lately.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: MS KB951748 - Causing Issue with VPN for FW Client ... - 15.Aug.2008 2:21:14 PM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
I've heard about Intel vPRO and that it's supposed to offer new cool remote management options but I've had no spare time to read about it.
I'll add this to my ideas list for cool new things to look into. Thanks Tom!
_____________________________
Mike Driest
Network/Systems Administrator
MCSA + Security
Industrial Control Repair
www.industrialcontrolrepair.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
