[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ISA 2004 routing problem

Posted on 2007-07-25
9
Medium Priority
?
297 Views
Last Modified: 2008-11-17
I have recently inherited a network a client site to support. the setup is 2003 enterprise, with two network cards. one cooneted to the router the other to the private network. THis box hosts IIS 6.0, excahnge 2003, and has ISA 2004 installed. I have never worked on a server with everything on it at once so i am a bit confused.

Every few hours the ISA server starts giving the following errors

ISA Server detected a proxy chain loop. There is a problem with the configuration of the ISA Server routing policy.

followed by

ISA Server detected routes through the network adapter Internet that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 0.0.0.1-126.255.255.255;128.0.0.0-192.167.255.255;192.169.0.0-217.155.26.255;217.155.28.0-223.255.255.255;240.0.0.0-255.255.255.254;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.

restarting the firewall bring the service back online.

the isa setup specifes the LAN card server as the internal network, Am i missing something obvious to change?

thanks in advance
0
Comment
Question by:Paul-Brooks
  • 4
  • 3
  • 2
9 Comments
 
LVL 1

Expert Comment

by:biggstrc
ID: 19567433
I would check the routing table on the ISA box.  Go to the command prompt and type "route print".  See if the network cards are set up the same way there as they are in ISA.  We had a problem where we told ISA one thing, but the routing table was set up to work differently.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 19567461
ISA server is not a router so it does not have routing issues - it is the underlying operating system that provides this info to ISA Server.

Open the gui, select configuration - networks - internal (double click) and select properties addresses.

The only addresses in here MUST be ip addresses that are connected or accessible through the INTERNAL isa nic. This includes all network ID's and broadcast addresses.

For example, if you have 192.168.5.x on the inside which connects to an internal router which had 172.30.16.x on the other side, you would enter both of these into the LAT (local address table) as:
192.168.5.0 - 192.168.5.255
172.30.16.0 - 172.30.16.255
Anything specifically NOT in the LAT is treated as external.
It sounds very much like when it was set up someone has hit the autofill button on the card rather than manually filling in the correct details.

Keith
0
 

Author Comment

by:Paul-Brooks
ID: 19573173
thanks keith, as you suspected the autofill had been selcected, i have changed the lan card to corespond to the addresses we use and so far so good. only time will tell if it stays stable but its looking ok.

thanks for you help
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19573594
Thanks Paul.

I'll leave you to update the call as necessary. If you decide the call is complete then just use the accept button next to the answer you wish to adopt and the call can be closed. No hurry but needs to be within 21 days (even if it is just an update) else the Moderators will start hounding you.

Regards
Keith
ISA MVP
0
 

Author Comment

by:Paul-Brooks
ID: 19610660
we are still getting the above error, however isa keeps going into a loop

it is writing the following message

ISA Server detected a proxy chain loop. There is a problem with the configuration of the ISA Server routing policy

any ideas?

thanks
0
 
LVL 1

Expert Comment

by:biggstrc
ID: 19610789
Have you checked the routing table in Windows?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19611662
0
 

Author Comment

by:Paul-Brooks
ID: 19637208
the server has now been stable for 5 days, problem solved. Thanks
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19639757
Thanks :)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question