Solved

ISA routing table issue

Posted on 2007-03-21
4
405 Views
Last Modified: 2011-10-03
Having major issues with ISA  (vpn)  set up seemd straigh forward enough and we do get spells where it all works
I get the recurring error

14147
ISA server detected routes through privatecard that do not corelate with the network element to which the adapter belongs. for best practice...etc


two network cards in the box  one private (10.x.x.x. connected to our network the second public (83.x.x.x card connected directly to the internet.

I have used the wizards, entered address in manually all sorts of stuff but keep getting these errors, flushing the route table repairs it all for a short while.

I do notic ethat if i ente rth eprivate card in Isa it shows public ip address and vice versa.  carda re correct.
windows 2003  two nics  ISA 2004 standard. using radius

and idiot guide or pointers? as to whats i have done wrong..
0
Comment
Question by:mhamer
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18769693
I'll assume you have installed isa sp2 and the post-sp2 rollup patches etc already.

Check out the addresses in configuration - networks - internal - properties - addresses. Are all of these ONLY available through the internal nic?

What address ip ranges are available once the VPN is setup - through the vpn etc?
0
 

Author Comment

by:mhamer
ID: 18771474
yes SP2 and hotfixes are on (although just the other day.

the priv

has an ip of 10.20.20.20   and pub has 83.100.?.?

the network

internal  10.0.0.0 10.255.255.255
172.16..0.0    172.31.255.25
192.168.0.0-192.168.255



also on this screen if i choose to add an adapter  this is what shows up as i highlight each adapter

internal nic  
10.20.0.0  10.20.255.255
10.20.103.218 - 10.20.255.255
10.255.255.255 - 10.255.255.255


externalcard
0.0.0.1 - 10.19.255.255
10.21.0.0- 10.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 -223.255.255.255
240.0.0.0 - 255.255.255.224


most of these have not knowingly being entered anywhere.

10.20.103  is our normal network dhcp range

and we do have subnetx of 172 and 192 on the network as well as the 10.


once connected the vpn should allow access to all the 10.0.0.0 address;s
172 and 192 are in use but we dont care if the vpn cant see them  there lelegacy sites  connected by a diffrent vpn (novell)  the box im talking about is standalone and doesnt go via any of teh other site to site vpns we have.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18773727
There is your issue I think.

You have 10.20.0.0 /16 on the internal card
you then have an intrnal range that is already covered by the above 10.20.0.0
THEN you have an entry for the 10.0.0.0 network for all broadcasts
but your external adapter is overlapping

10.21.0.0 - 10.255.255.255 -
remove the 2nd and 3rd entries from the internal card.

Don't add anything to external. All addresses not listed in the external nic are automatically included in the external. Internal should also include the 192 and 172 entries.

So, effectively, all subnets that are addressable through the internal ISA nic should be in the internal LAT table. (configuration - networks - internal -properties - address). ALL ip's that have to be accessed through the external nic should not be listed at all as they are included automatically because they are NOT listed in the internal LAT.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19412908
Thanks :)
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now