Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

ISA routing table issue

Posted on 2007-03-21
4
413 Views
Last Modified: 2011-10-03
Having major issues with ISA  (vpn)  set up seemd straigh forward enough and we do get spells where it all works
I get the recurring error

14147
ISA server detected routes through privatecard that do not corelate with the network element to which the adapter belongs. for best practice...etc


two network cards in the box  one private (10.x.x.x. connected to our network the second public (83.x.x.x card connected directly to the internet.

I have used the wizards, entered address in manually all sorts of stuff but keep getting these errors, flushing the route table repairs it all for a short while.

I do notic ethat if i ente rth eprivate card in Isa it shows public ip address and vice versa.  carda re correct.
windows 2003  two nics  ISA 2004 standard. using radius

and idiot guide or pointers? as to whats i have done wrong..
0
Comment
Question by:mhamer
  • 3
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18769693
I'll assume you have installed isa sp2 and the post-sp2 rollup patches etc already.

Check out the addresses in configuration - networks - internal - properties - addresses. Are all of these ONLY available through the internal nic?

What address ip ranges are available once the VPN is setup - through the vpn etc?
0
 

Author Comment

by:mhamer
ID: 18771474
yes SP2 and hotfixes are on (although just the other day.

the priv

has an ip of 10.20.20.20   and pub has 83.100.?.?

the network

internal  10.0.0.0 10.255.255.255
172.16..0.0    172.31.255.25
192.168.0.0-192.168.255



also on this screen if i choose to add an adapter  this is what shows up as i highlight each adapter

internal nic  
10.20.0.0  10.20.255.255
10.20.103.218 - 10.20.255.255
10.255.255.255 - 10.255.255.255


externalcard
0.0.0.1 - 10.19.255.255
10.21.0.0- 10.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 -223.255.255.255
240.0.0.0 - 255.255.255.224


most of these have not knowingly being entered anywhere.

10.20.103  is our normal network dhcp range

and we do have subnetx of 172 and 192 on the network as well as the 10.


once connected the vpn should allow access to all the 10.0.0.0 address;s
172 and 192 are in use but we dont care if the vpn cant see them  there lelegacy sites  connected by a diffrent vpn (novell)  the box im talking about is standalone and doesnt go via any of teh other site to site vpns we have.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18773727
There is your issue I think.

You have 10.20.0.0 /16 on the internal card
you then have an intrnal range that is already covered by the above 10.20.0.0
THEN you have an entry for the 10.0.0.0 network for all broadcasts
but your external adapter is overlapping

10.21.0.0 - 10.255.255.255 -
remove the 2nd and 3rd entries from the internal card.

Don't add anything to external. All addresses not listed in the external nic are automatically included in the external. Internal should also include the 192 and 172 entries.

So, effectively, all subnets that are addressable through the internal ISA nic should be in the internal LAT table. (configuration - networks - internal -properties - address). ALL ip's that have to be accessed through the external nic should not be listed at all as they are included automatically because they are NOT listed in the internal LAT.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19412908
Thanks :)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question