I have a quick question about ISA 2004 and it's ability to service multiple networks.
My situation is that I want to have 3 networks behind a single ISA 2004 Server. I also want to apply separate Access Policies to these networks, which from what I can see is quite possible. The problem is, each of the 3 networks are using separate domains, all having their own AD, DC's etc... totally independent. So, can ISA 2004 authenticate and apply 'Access Policies' to multiple domain users? How can I create a 'User Set' which contains users from different domains? The 'New User Set Wizard' suggests to me it's possible, but I can't add a user from a Domain that the ISA 2004 Server isn't a member of.
You can create external trusts among the domains and join the firewall to one of those domains, or join the ISA firewall to its own domain, and then create a one-way trust between the ISA firewall domain and the other domains.
However, since each domain represents its own security zone, each would benefit from having a firewall on its own edge.