?
Solved

Configuration Error on ISA Server

Posted on 2008-06-16
7
Medium Priority
?
610 Views
Last Modified: 2011-10-03
I'm getting this alert on my ISA Server 2004 Please help
 
Thanks
Alert Information 
Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;.
<br>ISA Server detected routes through adapter WAN-DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;10.255.255.255-10.255.255.255;.

Open in new window

0
Comment
Question by:edmund7s
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:Nyah247
ID: 21798776
You have some routes configured on your adapter that are or are not configured in your ISA Network settings.  Go to the cmd and type route /print then look at your persistent routes.  You should have all your internal ranges listed. These should also appear in your configuration under networks and include the full range (i.e. 192.168.0.0-192.168.0.255).  

There are sometimes when these messages can be ignored.  For example, I exclude the broadcast addresses of each range within my internal network configuration in ISA.  I will list (192.168.0.1-192.168.0.254) and since I leave out a portion of the range it will generate the error.
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808009
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     xxx.xxxx.x.x    xxx.xxxx.x.x      1
         10.1.1.0    255.255.255.0         10.1.1.1         10.1.1.1     20
         10.1.1.1  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     xxx.xxxx.x.x    255.255.255.0    xxx.xxxx.x.x    xxx.xxxx.x.x     10
    xxx.xxxx.x.x  255.255.255.255        127.0.0.1        127.0.0.1     10
   xxx.xxxx.x.x  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     10
        224.0.0.0        240.0.0.0         10.1.1.1         10.1.1.1     20
        224.0.0.0        240.0.0.0   xxx.xxxx.x.x    xxx.xxxx.x.x     10
  255.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1      1
  255.255.255.255  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     1
Default Gateway:      xxx.xxxx.x.x
===========================================================================
Persistent Routes:
  None
0
 
LVL 6

Expert Comment

by:Nyah247
ID: 21808507
How many nics do you have and what do you have as their gateway and dns (internal or ISP)?
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808687
I have 2 NICS and their gateway and internal DNS is 10.1.1.1
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 2000 total points
ID: 21902750
Your internal nic should not have a gateway...only your external/dmz nic.  That is where the persistent routes come in.  As for DNS settings...you should onlya have DNS on internal and the server entry on the external/dmz nic should be blank.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Screencast - Getting to Know the Pipeline
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question