Comments on: Using ISA Server to Extend Server and Domain Isolation Interoperability http://blogs.isaserver.org/shinder/2007/01/24/using-isa-server-to-extend-server-and-domain-isolation-interoperability/ Written by Dr Thomas W Shinder, consultant to Microsoft, HP and many Fortune 500 companies on ISA firewall and Web proxy deployments this blog is where administrators get information about ISA Server Universal Threat Management firewalls. Topics include how to manage, deploy, and troubleshoot ISA Server as a network firewall, Web proxy/Web cache, remote access VPN server and VPN gateway to provide a high level of network security for all corporate computers. Thu, 4 Dec 2008 20:30:42 +0000 http://wordpress.org/?v=MU by: Thomas Shinder http://blogs.isaserver.org/shinder/2007/01/24/using-isa-server-to-extend-server-and-domain-isolation-interoperability/#comment-199032 Wed, 30 Jul 2008 13:27:21 +0000 http://blogs.isaserver.org/shinder/2007/01/24/using-isa-server-to-extend-server-and-domain-isolation-interoperability/#comment-199032 Hi Matthew, I have that document. Send me a note at tshinder@isaserver.org and I'll send it to you. Thanks! Tom Hi Matthew,

I have that document. Send me a note at tshinder@isaserver.org and I’ll send it to you.
Thanks!
Tom

]]> by: Matthew Morris http://blogs.isaserver.org/shinder/2007/01/24/using-isa-server-to-extend-server-and-domain-isolation-interoperability/#comment-199017 Wed, 30 Jul 2008 09:28:22 +0000 http://blogs.isaserver.org/shinder/2007/01/24/using-isa-server-to-extend-server-and-domain-isolation-interoperability/#comment-199017 Gudday Tom, Does anyone know where this article has gone?... If not maybe I can request some knowledge from the ISA expert. I'm trying to see if I can extend domain isolation for Vista Laptop clients that use an SSL VPN for termination (unfortunately I didn't have a choice) to then pass through the ISA server into the domain zone based upon authenticated domain isolation policies tied to certificate based IPSEC (Especially AD which is 2008). This way I can allow full domain access to long term remote access laptops while maintaining the integrity of the network via User certs - SSL vpn and device certs - ipsec domain isolation.... This approach should minimise the session cookie risk of the SSL VPN as you would also need a domain device cert for the ipsec into the domain environment.... Any thoughts you have on this would be very greatly appreciated. Best Regards Matthew Morris Gudday Tom,

Does anyone know where this article has gone?…

If not maybe I can request some knowledge from the ISA expert.

I’m trying to see if I can extend domain isolation for Vista Laptop clients that use an SSL VPN for termination (unfortunately I didn’t have a choice) to then pass through the ISA server into the domain zone based upon authenticated domain isolation policies tied to certificate based IPSEC (Especially AD which is 2008). This way I can allow full domain access to long term remote access laptops while maintaining the integrity of the network via User certs - SSL vpn and device certs - ipsec domain isolation….

This approach should minimise the session cookie risk of the SSL VPN as you would also need a domain device cert for the ipsec into the domain environment….

Any thoughts you have on this would be very greatly appreciated.

Best Regards

Matthew Morris

]]>