Solved

Configuration Error on ISA Server

Posted on 2008-06-16
7
587 Views
Last Modified: 2011-10-03
I'm getting this alert on my ISA Server 2004 Please help
 
Thanks
Alert Information 

Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;.

<br>ISA Server detected routes through adapter WAN-DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;10.255.255.255-10.255.255.255;.

Open in new window

0
Comment
Question by:edmund7s
  • 3
  • 2
7 Comments
 
LVL 6

Expert Comment

by:Nyah247
Comment Utility
You have some routes configured on your adapter that are or are not configured in your ISA Network settings.  Go to the cmd and type route /print then look at your persistent routes.  You should have all your internal ranges listed. These should also appear in your configuration under networks and include the full range (i.e. 192.168.0.0-192.168.0.255).  

There are sometimes when these messages can be ignored.  For example, I exclude the broadcast addresses of each range within my internal network configuration in ISA.  I will list (192.168.0.1-192.168.0.254) and since I leave out a portion of the range it will generate the error.
0
 
LVL 1

Author Comment

by:edmund7s
Comment Utility
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     xxx.xxxx.x.x    xxx.xxxx.x.x      1
         10.1.1.0    255.255.255.0         10.1.1.1         10.1.1.1     20
         10.1.1.1  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     xxx.xxxx.x.x    255.255.255.0    xxx.xxxx.x.x    xxx.xxxx.x.x     10
    xxx.xxxx.x.x  255.255.255.255        127.0.0.1        127.0.0.1     10
   xxx.xxxx.x.x  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     10
        224.0.0.0        240.0.0.0         10.1.1.1         10.1.1.1     20
        224.0.0.0        240.0.0.0   xxx.xxxx.x.x    xxx.xxxx.x.x     10
  255.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1      1
  255.255.255.255  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     1
Default Gateway:      xxx.xxxx.x.x
===========================================================================
Persistent Routes:
  None
0
 
LVL 6

Expert Comment

by:Nyah247
Comment Utility
How many nics do you have and what do you have as their gateway and dns (internal or ISP)?
0
 
LVL 1

Author Comment

by:edmund7s
Comment Utility
I have 2 NICS and their gateway and internal DNS is 10.1.1.1
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 500 total points
Comment Utility
Your internal nic should not have a gateway...only your external/dmz nic.  That is where the persistent routes come in.  As for DNS settings...you should onlya have DNS on internal and the server entry on the external/dmz nic should be blank.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
WMI on TMG 2010 5 1,842
tmg evaluation 10 537
OWA (external) domain prefix removal 2 40
Office 365 2 Way Password synchronisation 2 86
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now