ISATAP is a bit of a double edged sword – it solves a lot of problems (or at least puts them off until later) and creates a bunch of new ones.
In this article, Jason Jones shows you a clever method you can use to make sure that only manage out workstations and servers are allowed to use ISATAP to initiate new connections to DirectAccess hosts on the Internet.
Great article – highly recommended – check it out!
http://blog.msedge.org.uk/2011/11/limiting-isatap-services-to-uag.html
HTH,
Deb
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
[email protected]