
RE: Discussion of the Getting Started with ISA2004 article

RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 8:50:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by unclehughie:
Tom
Ah, those publishers never know what's good for them!
The new SBS2003 Standard Version - that is, Win2K3, Exchange Server 2003, Sharepoint Services and five Outlook 2003 client licences, but without ISA Server 2000 and SQL Server - is a great bargain. Also, the 2003 version allows you to run additional member servers in the SBS domain. I notice also that in ISA Server 2004, you no longer have to go with static packet filters to co-locate servers: you just use a publishing rule. This raises two interesting possibilities:
1. Install SBS2003 as the domain controller and put ISA 2004 on a separate member server connected to the Internet.
2. Install ISA 2004 on the SBS domain controller itself if you don't have a separate Win2K3 Server available.
What do you think?

Hi Unk,

1. Definitely the way to go. ISA2004 is designed as a network firewall, not a personal (host based) firewall.
2. Might work, not officially supported yet from what I understand. Definitely not the preferred config.

HTH,
Tom

(in reply to tshinder)
Post #: 41
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 9:28:00 PM   
kevin.miller

 

Posts: 6
Joined: 12.Jun.2003
Status: offline
Does the BETA support RADIUS passthrough? I have been trying to set up a back-to-back VPN, and would like to have the users use their information when they VPN into the first firewall. ISA 2000 does not provide that capability. Using RADIUS for authentication would have a large burden lifted off my back. Thank you in advance.

(in reply to tshinder)
Post #: 42
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 9:41:00 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.

What should I do to get VPN working?

I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

(in reply to tshinder)
Post #: 43
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:44:00 PM   
andifur

 

Posts: 143
Joined: 25.Oct.2001
From: Eastern PA
Status: offline
Looking over the boards here the last couple of years, I think I may have taken ISA 2000 to whole new heights. 4 LB (Stonesoft) servers, 9 public DMZs and 2 private DMZs (business links). Been working great for about a year now. All servers up for 6 months.

ISA-04 looks great. I like the ability to create relations. That is one thing that ISA-00 was missing.

IP-Sec! THANK GOD... Why such the delay? The problem now is everyone is moving from 3DES to AES-256. Gotta stay on top of this.

I am going to create a test lab with our DMZs. I sure hope 04 will work the way I want it to. It's going to take a while to get used to the way things work now.

I am a big Microsoft fan (well, sort of), but I have to say, it's great to see them actually listen to their customers on the boards.

The import/export is going to be great for all 4 servers. I LOVE the ability to delegate control and also the save/discard tool. KEY!

Well, back to hammering away at it. Hopefully I get the hang of it real soon.

[ January 29, 2004, 10:46 PM: Message edited by: andifur ]

(in reply to tshinder)
Post #: 44
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:52:00 PM   
Guest
In ISA 2000, when you create the Private B2B network, you make the internal ISA a member of the internal Active Directory Domain. What would now happen if all you need is one ISA with many Networks? How would this affect security, and how would you be confident that if one network is hacked, the other won't be, bearing in mind that before I use firewall and routing chaining? Would chaining still be possible and secure?

Thanks.

Jimmy

(in reply to tshinder)
  Post #: 45
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:54:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by kevin.miller:
Does the BETA support RADIUS passthrough? I have been trying to set up a back-to-back VPN, and would like to have the users use their information when they VPN into the first firewall. ISA 2000 does not provide that capability. Using RADIUS for authentication would have a large burden lifted off my back. Thank you in advance.

Hi Kevin,

That's a great question! I'll put that on my list of things to test out. I hadn't thought of that one.

Thanks!
Tom

(in reply to tshinder)
Post #: 46
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:58:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Linke Loe:
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.

What should I do to get VPN working?

I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

Hi Linke,

You doing this on an ISA2004 machine?

Thanks!
Tom

(in reply to tshinder)
Post #: 47
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 10:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by andifur:
Looking over the boards here the last couple of years, I think I may have taken ISA 2000 to whole new heights. 4 LB (Stonesoft) servers, 9 public DMZs and 2 private DMZs (business links). Been working great for about a year now. All servers up for 6 months.

ISA-04 looks great. I like the ability to create relations. That is one thing that ISA-00 was missing.

IP-Sec! THANK GOD... Why such the delay? The problem now is everyone is moving from 3DES to AES-256. Gotta stay on top of this.

I am going to create a test lab with our DMZs. I sure hope 04 will work the way I want it to. It's going to take a while to get used to the way things work now.

I am a big Microsoft fan (well, sort of), but I have to say, it's great to see them actually listen to their customers on the boards.

The import/export is going to be great for all 4 servers. I LOVE the ability to delegate control and also the save/discard tool. KEY!

Well, back to hammering away at it. Hopefully I get the hang of it real soon.

Hi Anthony,

Sounds like you have a killer ISA2000 setup! Can't wait to see what you do with ISA2004.

Thanks!
Tom

(in reply to tshinder)
Post #: 48
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 11:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <jimmy>:
In ISA 2000, when you create the Private B2B network, you make the internal ISA a member of the internal Active Directory Domain. What would now happen if all you need is one ISA with many Networks? How would this affect security, and how would you be confident that if one network is hacked, the other won't be, bearing in mind that before I use firewall and routing chaining? Would chaining still be possible and secure?

Thanks.

Jimmy

Hi Jimmy,

Back to back with Web Proxy and Firewall chaining is still more secure than a single firewall with multiple interfaces. However, a single ISA2004 can provide better DMZ support than a single ISA2000.

Thanks!
Tom

(in reply to tshinder)
Post #: 49
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 11:47:00 PM   
Guest
Hi Tom,

In the previous version of ISA, when one created a B2B Private network, you use 2 ISAs. From what I have gathered so far, one ISA2004 will do the job. What happens to the firewall and routing chaining? What happens if any of the 3 networks (External, Internal and DMZ) gets hacked, won't that affect the others? If you can do firewall chaining, whose users are you going to use? Would this really be secured?

How do you configure the interfaces, is it going to be like before? What about VPN using certificate? Do you still disable the Certificate Services, or it won't matter any more?

Thanks.

Samson
Thanks.

(in reply to tshinder)
  Post #: 50
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 1:04:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Samson,

A back to back will always be more secure than a single device with multiple interfaces. Web and Firewall chaining make it even better.

HTH,
Tom

(in reply to tshinder)
Post #: 51
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 2:37:00 AM   
Justin

 

Posts: 13
Joined: 22.Feb.2002
Status: offline
Any word on UPnP support or perhaps the firewall client supporting MSN Messenger better? Kinda sad that we can't do video conferencing with Messenger thru a MS firewall but can through a <$100 cable router.

Justin

(in reply to tshinder)
Post #: 52
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 3:25:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Justin,

No word on it yet, but they are aware that this is a *very popular* request!

Thanks!
Tom

(in reply to tshinder)
Post #: 53
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 9:05:00 AM   
Guest
Hi Tom,

How would VPN be created in a B2B Private network? I am very interested in setting this up now so that the big men will begin to appreciate my recommendation and make the money available when the final version of ISA2004 is released. But I must get it right. I will prefer to use 2 ISAs.

Thanks.

Samson

(in reply to tshinder)
  Post #: 54
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 9:21:00 AM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
quote:
Originally posted by tshinder:
quote:
Originally posted by Linke Loe:
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.

What should I do to get VPN working?

I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

Hi Linke,

You doing this on an ISA2004 machine?

Thanks!
Tom

What do you mean by 'this'? The VPN or the OWA publishing?

Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?

For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004.

[ January 30, 2004, 09:31 AM: Message edited by: Linke Loe ]

(in reply to tshinder)
Post #: 55
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 12:15:00 PM   
mnemonic

 

Posts: 4
Joined: 30.Aug.2002
Status: offline
Hello.

Does Quarantine mode work only with clients whose Connection Manager profile was created with CMAK? And would it work if I create the connection manually?

Thanks

(in reply to tshinder)
Post #: 56
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:02:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <samson>:
Hi Tom,

How would VPN be created in a B2B Private network? I am very interested in setting this up now so that the big men will begin to appreciate my recommendation and make the money available when the final version of ISA2004 is released. But I must get it right. I will prefer to use 2 ISAs.

Thanks.

Samson

Hi Samson,

ISA2004 will do site to site links with any other VPN gateway device now. It supports PPTP, L2TP/IPSec and IPSec tunnel mode. Very cool! I'll do a tutorial on it in the near future, but until then, check out the solution docs on the MS ISA2004 page, there is some info on how to create the site to site links there.

HTH,
Tom

(in reply to tshinder)
Post #: 57
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:05:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Linke Loe:
quote:
Originally posted by tshinder:
quote:
Originally posted by Linke Loe:
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.

What should I do to get VPN working?

I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

Hi Linke,

You doing this on an ISA2004 machine?

Thanks!
Tom

What do you mean by 'this'? The VPN or the OWA publishing?

Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?

For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004.

Hi Linke,

I wasn't sure if you were doing this in ISA2004, but it sounds like you are. The site to site stuff is quite different in ISA2004. I'll be doing a tutorial on this in the near future, but until then check out the MS solution docs on the ISA2004 page on the MS site.

I will be publishing a doc today on how to use a Wildcard cert with ISA2004 and there will be some info on OWA publishing.

Stay tuned!
Thanks!
Tom

(in reply to tshinder)
Post #: 58
RE: Discussion of the Getting Started with ISA2004 article - 30.Jan.2004 5:07:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by mnemonic:
Hello.

Does Quarantine mode work only with clients whose Connection Manager profile was created with CMAK? And would it work if I create the connection manually?

Thanks

Hi Memory,

You'll have to use the CMAK from what I understand.

HTH,
Tom

(in reply to tshinder)
Post #: 59
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 12:06:00 AM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
quote:
Originally posted by tshinder:
quote:
Originally posted by Linke Loe:
quote:
Originally posted by tshinder:
quote:
Originally posted by Linke Loe:
I have a permanent VPN connection with a friend of mine (PPTP), but I can't seem to produce any kind of traffic on the VPN. When I look in Routing and Remote Access, I can see my friend is connected, he gets an IP (which is defined in my internal network), but I can't ping that IP, nor an IP on his internal network.

What should I do to get VPN working?

I also try to publish my OWA 2003 by SSL-bridging, but the way web publishing is set up has changed a lot too. Will you do an article about this one too?

Hi Linke,

You doing this on an ISA2004 machine?

Thanks!
Tom

What do you mean by 'this'? The VPN or the OWA publishing?

Under ISA 2000 the VPN was no problem, but I can't get it working under ISA 2004. It's just to test things out, before we consider building an IPsec tunnel. Also when I'm on the road, I would like to make a VPN connection to my network. The connection is there, I get an IP-address, but there's no traffic. Should the range of IP-addresses for VPN clients be within the defined internal network, or should I create a separate network for VPN clients?

For the OWA publishing under ISA 2000 I followed your article regarding SSL-bridging, but things have changed a lot, so I was wondering if there will be an article about SSL-bridging and OWA on ISA 2004.

Hi Linke,

I wasn't sure if you were doing this in ISA2004, but it sounds like you are. The site to site stuff is quite different in ISA2004. I'll be doing a tutorial on this in the near future, but until then check out the MS solution docs on the ISA2004 page on the MS site.

I will be publishing a doc today on how to use a Wildcard cert with ISA2004 and there will be some info on OWA publishing.

Stay tuned!
Thanks!
Tom

Thanks Tom. I'll take a look at the MS site for the site to site VPN and I'll wait for your articles...

(in reply to tshinder)
Post #: 60
