?
Solved

Configuration Error on ISA Server

Posted on 2008-06-16
7
Medium Priority
?
607 Views
Last Modified: 2011-10-03
I'm getting this alert on my ISA Server 2004 Please help
 
Thanks
Alert Information 
Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;.
<br>ISA Server detected routes through adapter WAN-DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 10.1.1.0-10.1.1.0;10.255.255.255-10.255.255.255;.

Open in new window

0
Comment
Question by:edmund7s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 6

Expert Comment

by:Nyah247
ID: 21798776
You have some routes configured on your adapter that are or are not configured in your ISA Network settings.  Go to the cmd and type route /print then look at your persistent routes.  You should have all your internal ranges listed. These should also appear in your configuration under networks and include the full range (i.e. 192.168.0.0-192.168.0.255).  

There are sometimes when these messages can be ignored.  For example, I exclude the broadcast addresses of each range within my internal network configuration in ISA.  I will list (192.168.0.1-192.168.0.254) and since I leave out a portion of the range it will generate the error.
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808009
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     xxx.xxxx.x.x    xxx.xxxx.x.x      1
         10.1.1.0    255.255.255.0         10.1.1.1         10.1.1.1     20
         10.1.1.1  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     xxx.xxxx.x.x    255.255.255.0    xxx.xxxx.x.x    xxx.xxxx.x.x     10
    xxx.xxxx.x.x  255.255.255.255        127.0.0.1        127.0.0.1     10
   xxx.xxxx.x.x  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     10
        224.0.0.0        240.0.0.0         10.1.1.1         10.1.1.1     20
        224.0.0.0        240.0.0.0   xxx.xxxx.x.x    xxx.xxxx.x.x     10
  255.255.255.255  255.255.255.255         10.1.1.1         10.1.1.1      1
  255.255.255.255  255.255.255.255    xxx.xxxx.x.x    xxx.xxxx.x.x     1
Default Gateway:      xxx.xxxx.x.x
===========================================================================
Persistent Routes:
  None
0
 
LVL 6

Expert Comment

by:Nyah247
ID: 21808507
How many nics do you have and what do you have as their gateway and dns (internal or ISP)?
0
 
LVL 1

Author Comment

by:edmund7s
ID: 21808687
I have 2 NICS and their gateway and internal DNS is 10.1.1.1
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 2000 total points
ID: 21902750
Your internal nic should not have a gateway...only your external/dmz nic.  That is where the persistent routes come in.  As for DNS settings...you should onlya have DNS on internal and the server entry on the external/dmz nic should be blank.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month12 days, 15 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question