Welcome to ISAserver.org
RE: Discussion of the Getting Started with ISA2004 article
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 8:50:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by unclehughie: Tom Ah, those publishers never know what's good for them! The new SBS2003 Standard Version - that is, Win2K3, Exchange Server 2003, Sharepoint Services and five Outlook 2003 client licences, but without ISA Server 2000 and SQL Server - is a great bargain. Also, the 2003 version allows you to run additional member servers in the SBS domain. I notice also that in ISA Server 2004, you no longer have to go with static packet filters to co-locate servers: you just use a publishing rule. This raises two interesting possibilities: 1. Install SBS2003 as the domain controller and put ISA 2004 on a separate member server connected to the Internet. 2. Install ISA 2004 on the SBS domain controller itself if you don't have a separate Win2K3 Server available. What do you think?
Hi Unk,
1. Definitely the way to go. ISA2004 is designed as a network firewall, not a personal (host based) firewall.
2. Might work, not officially supported yet from what I understand. Definitely not the preferred config.
HTH, Tom

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 9:28:00 PM
kevin.miller
Posts: 6
Joined: 12.Jun.2003
Status: offline
Does the BETA support RADIUS passthrough? I have been trying to set up a back-to-back VPN, and would like to have the users use their information when VPN into the first firewall. ISA 2000 does not provide that capability. Using RADIUS for authentication would have a large burden lifted off my back. Thank you in advance.

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 9:41:00 PM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.
What should I do to get VPN working?
I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:44:00 PM
andifur
Posts: 143
Joined: 25.Oct.2001
From: Eastern PA
Status: offline
Looking over the boards here the last couple of years. I think I may have taken ISA 2000 to whole new heights. 4 LB (Stonesoft) servers, 9 public DMZs and 2 private DMZs (business links). Been working great for about a year now. All servers up for 6 months.
ISA-04 looks great. I like the ability to create relations. That is one thing that ISA-00 was missing.
IP-Sec! THANK GOD... Why such the delay. The problem now is everyone is moving from 3DES to AES-256. Gotta stay on top of this.
I am going to create a test lab with our DMZs. I sure hope 04 will work the way I want it to. It's going to take a while to get used to the way things work now.
I am a big Microsoft fan, (Well sort of) but I have to say. It's great to see them actually listen to their customers on the boards.
The import/export is going to be great for all 4 servers. I LOVE the ability to delegate control and also the save/discard tool. KEY!
Well, back to hammering away at it. Hopefully I get the hang of it real soon. [ January 29, 2004, 10:46 PM: Message edited by: andifur ]

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:52:00 PM
Guest
In ISA 2000 when you create the Private B2B network, you make the internal ISA a member of the internal Active Directory Domain, what would now happen if all you need is one ISA with many Networks? How would this affect security and how would you be confident that if one network is hacked, the other won't, bearing in mind that before I use firewall and routing chaining? Would chaining still be possible and secure?
Thanks.
Jimmy

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:54:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by kevin.miller: Does the BETA support RADIUS passthrough? I have been trying to set up a back-to-back VPN, and would like to have the users use their information when VPN into the first firewall. ISA 2000 does not provide that capability. Using RADIUS for authentication would have a large burden lifted off my back. Thank you in advance.
Hi Kevin,
That's a great question! I'll put that on my list of things to test out. I hadn't thought of that one.
Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:58:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by Linke Loe: I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.
What should I do to get VPN working?
I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?
Hi Linke,
You doing this on an ISA2004 machine?
Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:59:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by andifur: Looking over the boards here the last couple of years. I think I may have taken ISA 2000 to whole new heights. 4 LB (Stonesoft) servers, 9 public DMZs and 2 private DMZs (business links). Been working great for about a year now. All servers up for 6 months.
ISA-04 looks great. I like the ability to create relations. That is one thing that ISA-00 was missing.
IP-Sec! THANK GOD... Why such the delay. The problem now is everyone is moving from 3DES to AES-256. Gotta stay on top of this.
I am going to create a test lab with our DMZs. I sure hope 04 will work the way I want it to. It's going to take a while to get used to the way things work now.
I am a big Microsoft fan, (Well sort of) but I have to say. It's great to see them actually listen to their customers on the boards.
The import/export is going to be great for all 4 servers. I LOVE the ability to delegate control and also the save/discard tool. KEY!
Well, back to hammering away at it. Hopefully I get the hang of it real soon.
Hi Anthony,
Sounds like you have a killer ISA2000 setup! Can't wait to see what you do with ISA2004.
Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 11:01:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by <jimmy>: In ISA 2000 when you create the Private B2B network, you make the internal ISA a member of the internal Active Directory Domain, what would now happen if all you need is one ISA with many Networks? How would this affect security and how would you be confident that if one network is hacked, the other won't, bearing in mind that before I use firewall and routing chaining? Would chaining still be possible and secure?
Thanks.
Jimmy
Hi Jimmy,
Back to back with Web Proxy and Firewall chaining is still more secure than a single firewall with multiple interfaces. However, a single ISA2004 can provide better DMZ support than a single ISA2000.
Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 11:47:00 PM
Guest
Hi Tom,
In the previous version of ISA, when one created a B2B Private network, you use 2 ISAs. From what I have gathered so far, one ISA2004 will do the job. What happens to the firewall and routing chaining? What happens if any of the 3 networks (External, Internal and DMZ) get hacked, won't that affect the others? If you can do firewall chaining, whose users are you going to use? Would this really be secured?
How do you configure the interfaces, is it going to be like before? What about VPN using certificate? Do you still disable the Certificate Services or it won't matter any more?
Thanks.
Samson Thanks.

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 1:04:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Samson,
A back to back will always be more secure than a single device with multiple interfaces. Web and Firewall chaining make it even better.
HTH, Tom

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 2:37:00 AM
Justin
Posts: 13
Joined: 22.Feb.2002
Status: offline
Any word on UPnP support or perhaps the firewall client supporting MSN Messenger better? Kinda sad that we can't do video conferencing with messenger thru a MS firewall but can through a <$100 cable router.
Justin

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 3:25:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Justin,
No word on it yet, but they are aware that this is a *very popular* request!
Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 9:05:00 AM
Guest
Hi Tom,
How would VPN be created in a B2B Private network? I am very interested in setting this up now so that the big men will begin to appreciate my recommendation and make the money available when the final version of ISA2004 is released. But I must get it right. I will prefer to use 2 ISAs.
Thanks.
Samson

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 9:21:00 AM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
quote: Originally posted by tshinder: quote: Originally posted by Linke Loe: I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.
What should I do to get VPN working?
I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?
Hi Linke,
You doing this on an ISA2004 machine?
Thanks! Tom
What do you mean by 'this'? The VPN or the OWA publishing?
Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?
For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004. [ January 30, 2004, 09:31 AM: Message edited by: Linke Loe ]

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 12:15:00 PM
mnemonic
Posts: 4
Joined: 30.Aug.2002
Status: offline
Hello.
Quarantined mode work with client who have connection manager create only with CMAK? and was it worked if I create connection manually?
Thanks

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:02:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by <samson>: Hi Tom,
How would VPN be created in a B2B Private network? I am very interested in setting this up now so that the big men will begin to appreciate my recommendation and make the money available when the final version of ISA2004 is released. But I must get it right. I will prefer to use 2 ISAs.
Thanks.
Samson
Hi Samson,
ISA2004 will do site to site links with any other VPN gateway device now. It supports PPTP, L2TP/IPSec and IPSec tunnel mode. Very cool! I'll do a tutorial on it in the near future, but until then, check out the solution docs on the MS ISA2004 page, there is some info on how to create the site to site links there.
HTH, Tom

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:05:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by Linke Loe: quote: Originally posted by tshinder: quote: Originally posted by Linke Loe: I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.
What should I do to get VPN working?
I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?
Hi Linke,
You doing this on an ISA2004 machine?
Thanks! Tom
What do you mean by 'this'? The VPN or the OWA publishing?
Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?
For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004.
Hi Linke,
I wasn't sure if you were doing this in ISA2004, but it sounds like you are. The site to site stuff is quite different in ISA2004. I'll be doing a tutorial on this in the near future, but until then check out the MS solution docs on the ISA2004 page on the MS site.
I will be publishing a doc today on how to use a Wildcard cert with ISA2004 and there will be some info on OWA publishing.
Stay tuned! Thanks! Tom

RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:07:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by mnemonic: Hello.
Quarantined mode work with client who have connection manager create only with CMAK? and was it worked if I create connection manually?
Thanks
Hi Memory,
You'll have to use the CMAK from what I understand.
HTH, Tom

RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 12:06:00 AM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
quote: Originally posted by tshinder: quote: Originally posted by Linke Loe: quote: Originally posted by tshinder: quote: Originally posted by Linke Loe: I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.
What should I do to get VPN working?
I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?
Hi Linke,
You doing this on an ISA2004 machine?
Thanks! Tom
What do you mean by 'this'? The VPN or the OWA publishing?
Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?
For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004.
Hi Linke,
I wasn't sure if you were doing this in ISA2004, but it sounds like you are. The site to site stuff is quite different in ISA2004. I'll be doing a tutorial on this in the near future, but until then check out the MS solution docs on the ISA2004 page on the MS site.
I will be publishing a doc today on how to use a Wildcard cert with ISA2004 and there will be some info on OWA publishing.
Stay tuned! Thanks! Tom
Thanks Tom. I'll take a look at the MS site for the site to site VPN and I'll wait for your articles...