Link to home
Start Free TrialLog in
Avatar of mikey250
mikey250

asked on

isa 2006 - array query

hi ive configured my isa 2006 member server and all internal users receive internet access as normal.

ive run: msbpa and their is a configuration issue with my internal nic 1 - it mentions about 'array' and not sure if i should be installing this as ive been reading about 'array' and it was referring to 2 x isa and i only have 1 x isa!!

eventviewer - firewall has stopped

qns 1.  can anyone help ?
ISA-NIC-ARRAY-ISSUE.dot
SOLUTION
Avatar of abhishek1986
abhishek1986
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mikey250
mikey250

ASKER

hi yes i realise that i can have 1 nic instead of 2 nics, but i will stick with 2 nics to learn for the time being as will need to know!!!:)

ive attached some screenshots!

im not even sure if this can actually effect my remote vpn ie locating files on server!!!!uuumm
firewall-policy.dot
network-rules.doc
network-rule-p2.doc
I am sorry but what is the exact problem and what help are you seeking for?
I am not getting your issues.
Can you explain a bit about it.
im not sure how to rectify the nic issue.  other experts have said my configuration is correct and they could not see where nic issue was!!

ive attached a screenshot.:)
ISA-NIC-ARRAY-ISSUE.dot
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi although yes my clients do have internet access.

yes i am concerned about how to put it right!!!

my isa/internal range is: 10.0.0.1 - 10.0.0.254 - set in isa and nothing else
my isa/external is: 192.168.0.3 - address does (not) change although allocated via my netgear router box/built-in dhcp.  ipconfig /all on isa shows correctly isp internet ip addressing as expected.

yes i have done 'route print' and i have nothing set except for default settings/configured settings that appear ok to me!! ive attached!:)

as a result the 'firewall switches' off in 'eventviewer' and not sure what impact this has!!
route-print.doc
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi abhishek1986, my laptop had an issue but resolved now!!

regarding the 'firewall policy' i was referring to isa!!

i will look at network tab and compare!!

thanks for responding!!:)
I am sorry, but do you mean ISA Firewall, or the Windows firewall service in ISA Machine?
If ISA firewall is down, the clients won't get internet access at all, so it can not be down, since you are saying that clients are getting their net connections just fine.
hi apologies for taking a while to come back.:)

no you mis-interpret as my main thread has a 'screenshot' attached of the error.  ive attached again and yes my internal users have internet access but this nic issue i have not got a clue what needs changing possibly in 'network rules' i assume!!!
ISA-NIC-ARRAY-ISSUE.doc
SOLUTION
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi keith originally im sure i did have it set as: 10.0.0.0 - 10.0.0.255, unless maybe i had done: 10.0.0.1 - 10.0.0.255 and changed it again but issue was still there.  i will put back as suggested network id - 0 & broadcast address 255 and reboot machine & run msbpa again!!

yes i did read that article as saved!!!
Don't need to reboot. :)
hi keith, oh well i did reboot anyway as it was just a double-check!:)

no this change did not make a difference ie now: 10.0.0.0 - 10.0.0.255

it states in msbpa: "isa server detected routes through the network adapter lan2 (which is my external address) that do not correlate with the network to which this network adapter belongs.  when networks are configured correctly the ip address ranges included in each array-level network must include ip address ranges but are not routable through any of the networks adapters: 10.255.255.255 - 10.255.255.255".

i understand what it means but not even sure after the change you suggested that i need some specific 'static' route although we did discuss this on a previous thread and you did suggest that it maybe something to do with my 'virgin media hardware provided ie: netgear router although the only thing i can think of is maybe the firmware, but i have spoken with my isp and they have said it is upto date.

other than the 'built-in dhcp on my netgear router box that has allocated a 'private address' to my isa/external nic, which stays the same as nothing else is plugged in and nothing else has been configured on netgear except for default settings. (dont forget my isa does detect my isp 'public addresses' via isa/external so that is not an issue as client machines have internet access as normal.

I just wanted to find out once and for all what this nic issue was and how to put it right!

i have also noticed when completing an isa 2006 fundamentals online/video practical course i have noticed intermitantly the 'firewall service' failing and rectifying itself so whether this is because of my nic query im not sure, but on reading i did not see any explanation to explain anythying other than what the 'msbpa' detected!
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
when doing my isa 2006 fundemantal course it shows an option in configurations for 'ip routing' that is 'ticked' acting like a router of sorts in 'kernel mode' which is the 'core' of the 'os' due to 2 networks ie internal/external and improves performance.

but if 'ip routing' is turned off it forces the comms up a little higher in the 'osi model' via the isa software which is supposed to slow the comms a little.

although it can be disabled for some other specific requirement although the course does not alloborate on exactly what!!

i have prior to this removed the 'ip routing tickbox', but the nic configuration still showed so i re-added the 'tick' as it is the default setting anyhow!

yes my netgear external router/built-in dhcp is set with a class c: 192.168.0.0/24

i assumed when you have used 'isa' that you did not get this error & so why do i ?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi keith i dont doubt you as just trying to increase in depth knowledge but linking my understanding as also completed that fundamental course which prompted a question or 2 but understood the rest as was practical!!:)

either way adding 'ip routing or not' does not resolve the 'nic array' issue that appears in the 'alerts' tab and so wanted to get rid of it once and for all.

the isa/external nic via a cross-over cable is plugged into my hardware netgear router box.  which according to my isa course it states that while the isa is a firewall it also states as it explains and shows how deep the isa can dig into applications of the 'os' for eg and protect and that also adding a hardware firewall on the outside to the internet is preferred.

so other than that nothing at all as just the 'coaxial' cable via my netgear router box direct to internet!!  all other ports are unused!

note: when changing the internal address range to: 10.0.0.0 - 10.0.0.255 in isa2006/configuration/network/network rules tab - it appeared to make changes everywhere else & in firewall policy when i checked!

all my machines are in use for this specific network design so once ive completed my tasks i can then delete and re-install and configure/connect for a new design so know as each of my machines all have 'static' addresses via my dhcp as also added manually except for my single xp host pc.

while im currently working on this specific issue and to save on my electric i have switched off my:

- wds server
- wsus server
- xp host pc

switched on:

- master dc/ad/dns/dhcp server
- isa2006/internal/external server
- netgear router box (hardware)
- cisco layer 2 switch

nothing else!

im just wondering even though my client xp pc and all servers currently have internet access still, is there something ive added additional that has caused this 'nic array' 'alert'..
hi keith i appreciate you maybe busy but wanted to know if you had anymore ideas for the network array issue i have even though i have only 1 isa and just jogging your memory from passed comments from you: ?

- isa/internal is set to: 10.0.0.0 - 10.0.0.255

- isa external is set with my (hardware netgear router box) via built-in dhcp - 192.168.0.3/24 - direct to the internet.

- isa external - does already detect my isp public addresses as normal and via 'ipconfig /all'

- intermitantly isa firewall looses connectivity in the 'alerts tab', but re-syns itself and brings it back online.

- clients have internet access
hi keith i even 're-installed/re-configured' the 'dhcp relay agent', thinking this would resolve my issue of still receiving 'nic array issue' even though im only using 1 x isa 2006 server & all hosts still have access to the internet!!
im in the middle of configuring a new network and i have added another server which i will install isa 2006 and i can then check if i get that same 'array' issue.  if i do get it i will update this thread and allocate points as normal.  as long as it appears my configurations are ok from what i did before.

so i appreciate your input 'keith'!!!
hi keith, i have not forgotten about this thread just letting you know im still configuring my network and when i get to this part i will check and see if the 'nic array' issue still shows.  either way if it does i will (close) this thread and allocate you the points anyway!!
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
although it appears i had not installed all relevant updates on my isa, it appears this did the trick but either way the responses i got were definately good troubleshooting methods.  appreciated!