Solved

ISA routing table issue

Posted on 2007-03-21
4
425 Views
Last Modified: 2011-10-03
Having major issues with ISA  (vpn)  set up seemd straigh forward enough and we do get spells where it all works
I get the recurring error

14147
ISA server detected routes through privatecard that do not corelate with the network element to which the adapter belongs. for best practice...etc


two network cards in the box  one private (10.x.x.x. connected to our network the second public (83.x.x.x card connected directly to the internet.

I have used the wizards, entered address in manually all sorts of stuff but keep getting these errors, flushing the route table repairs it all for a short while.

I do notic ethat if i ente rth eprivate card in Isa it shows public ip address and vice versa.  carda re correct.
windows 2003  two nics  ISA 2004 standard. using radius

and idiot guide or pointers? as to whats i have done wrong..
0
Comment
Question by:mhamer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18769693
I'll assume you have installed isa sp2 and the post-sp2 rollup patches etc already.

Check out the addresses in configuration - networks - internal - properties - addresses. Are all of these ONLY available through the internal nic?

What address ip ranges are available once the VPN is setup - through the vpn etc?
0
 

Author Comment

by:mhamer
ID: 18771474
yes SP2 and hotfixes are on (although just the other day.

the priv

has an ip of 10.20.20.20   and pub has 83.100.?.?

the network

internal  10.0.0.0 10.255.255.255
172.16..0.0    172.31.255.25
192.168.0.0-192.168.255



also on this screen if i choose to add an adapter  this is what shows up as i highlight each adapter

internal nic  
10.20.0.0  10.20.255.255
10.20.103.218 - 10.20.255.255
10.255.255.255 - 10.255.255.255


externalcard
0.0.0.1 - 10.19.255.255
10.21.0.0- 10.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 -223.255.255.255
240.0.0.0 - 255.255.255.224


most of these have not knowingly being entered anywhere.

10.20.103  is our normal network dhcp range

and we do have subnetx of 172 and 192 on the network as well as the 10.


once connected the vpn should allow access to all the 10.0.0.0 address;s
172 and 192 are in use but we dont care if the vpn cant see them  there lelegacy sites  connected by a diffrent vpn (novell)  the box im talking about is standalone and doesnt go via any of teh other site to site vpns we have.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18773727
There is your issue I think.

You have 10.20.0.0 /16 on the internal card
you then have an intrnal range that is already covered by the above 10.20.0.0
THEN you have an entry for the 10.0.0.0 network for all broadcasts
but your external adapter is overlapping

10.21.0.0 - 10.255.255.255 -
remove the 2nd and 3rd entries from the internal card.

Don't add anything to external. All addresses not listed in the external nic are automatically included in the external. Internal should also include the 192 and 172 entries.

So, effectively, all subnets that are addressable through the internal ISA nic should be in the internal LAT table. (configuration - networks - internal -properties - address). ALL ip's that have to be accessed through the external nic should not be listed at all as they are included automatically because they are NOT listed in the internal LAT.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19412908
Thanks :)
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question