Solved

Configuration Error on ISA Server

Posted on 2008-06-16
7
595 Views
Last Modified: 2011-10-03
I'm getting this alert on my ISA Server 2004 Please help
 
Thanks
Alert Information 
Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;.
<br>ISA Server detected routes through adapter WAN-DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;10.255.255.255-10.255.255.255;.

Open in new window

0
Comment
Question by:edmund7s
  • 3
  • 2
7 Comments
 
LVL 6

Expert Comment

by:Nyah247
ID: 21798776
You have some routes configured on your adapter that are or are not configured in your ISA Network settings.  Go to the cmd and type route /print then look at your persistent routes.  You should have all your internal ranges listed. These should also appear in your configuration under networks and include the full range (i.e. 192.168.0.0-192.168.0.255).  

There are sometimes when these messages can be ignored.  For example, I exclude the broadcast addresses of each range within my internal network configuration in ISA.  I will list (192.168.0.1-192.168.0.254) and since I leave out a portion of the range it will generate the error.
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808009
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     xxx.xxxx.x.x    xxx.xxxx.x.x      1
         10.1.1.0    255.255.255.0         10.1.1.1         10.1.1.1     20
         10.1.1.1  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     xxx.xxxx.x.x    255.255.255.0    xxx.xxxx.x.x    xxx.xxxx.x.x     10
    xxx.xxxx.x.x  255.255.255.255        127.0.0.1        127.0.0.1     10
   xxx.xxxx.x.x  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     10
        224.0.0.0        240.0.0.0         10.1.1.1         10.1.1.1     20
        224.0.0.0        240.0.0.0   xxx.xxxx.x.x    xxx.xxxx.x.x     10
  255.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1      1
  255.255.255.255  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     1
Default Gateway:      xxx.xxxx.x.x
===========================================================================
Persistent Routes:
  None
0
 
LVL 6

Expert Comment

by:Nyah247
ID: 21808507
How many nics do you have and what do you have as their gateway and dns (internal or ISP)?
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808687
I have 2 NICS and their gateway and internal DNS is 10.1.1.1
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 500 total points
ID: 21902750
Your internal nic should not have a gateway...only your external/dmz nic.  That is where the persistent routes come in.  As for DNS settings...you should onlya have DNS on internal and the server entry on the external/dmz nic should be blank.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question