Re: Proxy for external users

From: SrChasJC (anonymous_at_discussions.microsoft.com)
Date: 03/30/04


Date: Tue, 30 Mar 2004 13:03:26 -0800

Tony,
     Do you think a tri-homed server with two of the
adapters in the LAT, then using client address sets of the
extranet user(s) for filtering may work? Then it seems you
could lock the users down with enough rules. Either way,
the firewall seems pointless, as there would be so many
possibilities for intrusion. Maybe another proxy only
product. Seems a much better configuration would be a VPN,
don't you agree? Then you could control them exactly like
they are on the internal network (cause they are!), and
control the routing as well. Then strong authentication,
certificates and all kinds of boundaries could be placed
on them. The routing and remote access snap-in for W2K is
strong. SrChasJC

>-----Original Message-----
>I would guess this is possible by doing the following...
>
>2 NICs, each with a WAN address and a subnet defining each
>address in a different network.
>
>From there, assuming you're running ISA2K, it would then
>be a matter if you think you can configure your "LAN" NIC
>with sufficient security to restrict use to only your
>specified sites.
>
>I've been thinking about this configuration for a long
>time but never had the time to test how well it would work.
>
>You'd also have the problem that unless you <really>
>lock down the desktops/gateways of your remote sites, users
>will be able to bypass your controls. I'd been thinking of
>this as mainly a voluntary configuration, it would take
>a lot more work to make it a mandatory configuration (but
>possible).
>
>Tony Su
>
>>-----Original Message-----
>>This would only work if your sites were connected and the remote users were
>>forced to use your internal ISA server as the web proxy. You cannot proxy
>>from the external interface.
>>
>>--
>>J.C. Hornbeck, MCSE
>>Microsoft Product Support
>>
>>NOTE: Please reply to the newsgroup and not directly to me. This allows
>>others to add to and benefit from these threads and also helps to ensure a
>>more timely response. Thank you!
>>
>>This posting is provided "AS IS" without warranty either expressed or
>>implied, including, but not limited to, the implied warranties of
>>merchantability or fitness for a particular purpose.
>>
>>"Ari" <anonymous@discussions.microsoft.com> wrote in message
>>news:5CBD03F9-B07B-4A70-97A7-5380C37625CB@microsoft.com...
>>> We have about 20 external sites with their own ISP; ISA is set up in the
>>> main site. Is it possible to make all sites go through the ISA server in
>>> the main site (like entering an external proxy in their computers)?
>>>
>>> We just want to be able to control their internet browsing.
>>>
>>> Any help is greatly appreciated.