Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Configuration Error on ISA Server

Posted on 2008-06-16
7
Medium Priority
?
609 Views
Last Modified: 2011-10-03
I'm getting this alert on my ISA Server 2004 Please help
 
Thanks
Alert Information 
Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;.
<br>ISA Server detected routes through adapter WAN-DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;10.255.255.255-10.255.255.255;.

Open in new window

0
Comment
Question by:edmund7s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 6

Expert Comment

by:Nyah247
ID: 21798776
You have some routes configured on your adapter that are or are not configured in your ISA Network settings.  Go to the cmd and type route /print then look at your persistent routes.  You should have all your internal ranges listed. These should also appear in your configuration under networks and include the full range (i.e. 192.168.0.0-192.168.0.255).  

There are sometimes when these messages can be ignored.  For example, I exclude the broadcast addresses of each range within my internal network configuration in ISA.  I will list (192.168.0.1-192.168.0.254) and since I leave out a portion of the range it will generate the error.
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808009
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     xxx.xxxx.x.x    xxx.xxxx.x.x      1
         10.1.1.0    255.255.255.0         10.1.1.1         10.1.1.1     20
         10.1.1.1  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     xxx.xxxx.x.x    255.255.255.0    xxx.xxxx.x.x    xxx.xxxx.x.x     10
    xxx.xxxx.x.x  255.255.255.255        127.0.0.1        127.0.0.1     10
   xxx.xxxx.x.x  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     10
        224.0.0.0        240.0.0.0         10.1.1.1         10.1.1.1     20
        224.0.0.0        240.0.0.0   xxx.xxxx.x.x    xxx.xxxx.x.x     10
  255.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1      1
  255.255.255.255  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     1
Default Gateway:      xxx.xxxx.x.x
===========================================================================
Persistent Routes:
  None
0
 
LVL 6

Expert Comment

by:Nyah247
ID: 21808507
How many nics do you have and what do you have as their gateway and dns (internal or ISP)?
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808687
I have 2 NICS and their gateway and internal DNS is 10.1.1.1
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 2000 total points
ID: 21902750
Your internal nic should not have a gateway...only your external/dmz nic.  That is where the persistent routes come in.  As for DNS settings...you should onlya have DNS on internal and the server entry on the external/dmz nic should be blank.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question