Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ISA routing table issue

Posted on 2007-03-21
4
Medium Priority
?
429 Views
Last Modified: 2011-10-03
Having major issues with ISA  (vpn)  set up seemd straigh forward enough and we do get spells where it all works
I get the recurring error

14147
ISA server detected routes through privatecard that do not corelate with the network element to which the adapter belongs. for best practice...etc


two network cards in the box  one private (10.x.x.x. connected to our network the second public (83.x.x.x card connected directly to the internet.

I have used the wizards, entered address in manually all sorts of stuff but keep getting these errors, flushing the route table repairs it all for a short while.

I do notic ethat if i ente rth eprivate card in Isa it shows public ip address and vice versa.  carda re correct.
windows 2003  two nics  ISA 2004 standard. using radius

and idiot guide or pointers? as to whats i have done wrong..
0
Comment
Question by:mhamer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18769693
I'll assume you have installed isa sp2 and the post-sp2 rollup patches etc already.

Check out the addresses in configuration - networks - internal - properties - addresses. Are all of these ONLY available through the internal nic?

What address ip ranges are available once the VPN is setup - through the vpn etc?
0
 

Author Comment

by:mhamer
ID: 18771474
yes SP2 and hotfixes are on (although just the other day.

the priv

has an ip of 10.20.20.20   and pub has 83.100.?.?

the network

internal  10.0.0.0 10.255.255.255
172.16..0.0    172.31.255.25
192.168.0.0-192.168.255



also on this screen if i choose to add an adapter  this is what shows up as i highlight each adapter

internal nic  
10.20.0.0  10.20.255.255
10.20.103.218 - 10.20.255.255
10.255.255.255 - 10.255.255.255


externalcard
0.0.0.1 - 10.19.255.255
10.21.0.0- 10.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 -223.255.255.255
240.0.0.0 - 255.255.255.224


most of these have not knowingly being entered anywhere.

10.20.103  is our normal network dhcp range

and we do have subnetx of 172 and 192 on the network as well as the 10.


once connected the vpn should allow access to all the 10.0.0.0 address;s
172 and 192 are in use but we dont care if the vpn cant see them  there lelegacy sites  connected by a diffrent vpn (novell)  the box im talking about is standalone and doesnt go via any of teh other site to site vpns we have.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 18773727
There is your issue I think.

You have 10.20.0.0 /16 on the internal card
you then have an intrnal range that is already covered by the above 10.20.0.0
THEN you have an entry for the 10.0.0.0 network for all broadcasts
but your external adapter is overlapping

10.21.0.0 - 10.255.255.255 -
remove the 2nd and 3rd entries from the internal card.

Don't add anything to external. All addresses not listed in the external nic are automatically included in the external. Internal should also include the 192 and 172 entries.

So, effectively, all subnets that are addressable through the internal ISA nic should be in the internal LAT table. (configuration - networks - internal -properties - address). ALL ip's that have to be accessed through the external nic should not be listed at all as they are included automatically because they are NOT listed in the internal LAT.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19412908
Thanks :)
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question