Solved

ISA routing table issue

Posted on 2007-03-21
4
386 Views
Last Modified: 2011-10-03
Having major issues with ISA  (vpn)  set up seemd straigh forward enough and we do get spells where it all works
I get the recurring error

14147
ISA server detected routes through privatecard that do not corelate with the network element to which the adapter belongs. for best practice...etc


two network cards in the box  one private (10.x.x.x. connected to our network the second public (83.x.x.x card connected directly to the internet.

I have used the wizards, entered address in manually all sorts of stuff but keep getting these errors, flushing the route table repairs it all for a short while.

I do notic ethat if i ente rth eprivate card in Isa it shows public ip address and vice versa.  carda re correct.
windows 2003  two nics  ISA 2004 standard. using radius

and idiot guide or pointers? as to whats i have done wrong..
0
Comment
Question by:mhamer
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18769693
I'll assume you have installed isa sp2 and the post-sp2 rollup patches etc already.

Check out the addresses in configuration - networks - internal - properties - addresses. Are all of these ONLY available through the internal nic?

What address ip ranges are available once the VPN is setup - through the vpn etc?
0
 

Author Comment

by:mhamer
ID: 18771474
yes SP2 and hotfixes are on (although just the other day.

the priv

has an ip of 10.20.20.20   and pub has 83.100.?.?

the network

internal  10.0.0.0 10.255.255.255
172.16..0.0    172.31.255.25
192.168.0.0-192.168.255



also on this screen if i choose to add an adapter  this is what shows up as i highlight each adapter

internal nic  
10.20.0.0  10.20.255.255
10.20.103.218 - 10.20.255.255
10.255.255.255 - 10.255.255.255


externalcard
0.0.0.1 - 10.19.255.255
10.21.0.0- 10.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 -223.255.255.255
240.0.0.0 - 255.255.255.224


most of these have not knowingly being entered anywhere.

10.20.103  is our normal network dhcp range

and we do have subnetx of 172 and 192 on the network as well as the 10.


once connected the vpn should allow access to all the 10.0.0.0 address;s
172 and 192 are in use but we dont care if the vpn cant see them  there lelegacy sites  connected by a diffrent vpn (novell)  the box im talking about is standalone and doesnt go via any of teh other site to site vpns we have.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18773727
There is your issue I think.

You have 10.20.0.0 /16 on the internal card
you then have an intrnal range that is already covered by the above 10.20.0.0
THEN you have an entry for the 10.0.0.0 network for all broadcasts
but your external adapter is overlapping

10.21.0.0 - 10.255.255.255 -
remove the 2nd and 3rd entries from the internal card.

Don't add anything to external. All addresses not listed in the external nic are automatically included in the external. Internal should also include the 192 and 172 entries.

So, effectively, all subnets that are addressable through the internal ISA nic should be in the internal LAT table. (configuration - networks - internal -properties - address). ALL ip's that have to be accessed through the external nic should not be listed at all as they are included automatically because they are NOT listed in the internal LAT.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19412908
Thanks :)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now