Re: NetBios Traffic blocked at external interface
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 9 Aug 2001 06:40:05 -0700
Is there a DHCP server in your network that could still be handing that
range to the RRAS service?
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: <john.hall@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 09, 2001 5:22 AM
Subject: [isalist] NetBios Traffic blocked at external interface
http://www.ISAserver.org
I spent last weekend renumbering my internal lan to a larger subnet for
expansion. I went from a 192.85.91.0/24 subnet to a 172.16.8.0/21. I
have an ISA box running firewalling and proxy services plugged into a
small Cisco router. I reconfigured the LAT and all of my ip rules and
filters on ISA as well. I also have netbios, DDNS and lmhosts lookup
disabled on the north interface.
Below is an example of what I'm seeing from my daily ip logs. Even though
every remnant of the prior 192.81.95.0/24 subnet is gone from my internal
lan and every instance of config on the ISA server, I'm seeing this great
amount of netbios traffic blocked at the north interface. The 192.81.95.10
address is the former address of the PDC. I have gone thru the ISA's
registry looking for any legacy instances pointing to 192.81.95.0/24 and
have found nothing.
This is all UDP traffic:
time source destination
00:00:01 206.162.169.123 192.81.95.10 1025 137
00:00:01 206.162.169.123 192.81.95.12 1026 137
00:00:02 206.162.169.123 192.81.95.10 1025 137
00:00:03 206.162.169.123 192.81.95.12 1026 137
00:00:19 206.162.169.123 192.81.95.199 1025 137
00:00:19 206.162.169.123 192.81.95.199 1026 137
00:00:21 206.162.169.123 192.81.95.199 1025 137
00:00:21 206.162.169.123 192.81.95.199 1026 137
00:00:34 206.162.169.123 192.81.95.10 1025 137
00:00:34 206.162.169.123 192.81.95.10 1026 137
00:00:36 206.162.169.123 192.81.95.10 1025 137
00:00:36 206.162.169.123 192.81.95.10 1026 137
00:00:46 206.162.169.123 192.81.95.199 1025 137
00:00:46 206.162.169.123 192.81.95.199 1026 137
00:00:48 206.162.169.123 192.81.95.10 1025 137
00:00:48 206.162.169.123 192.81.95.10 1026 137
00:00:50 206.162.169.123 192.81.95.10 1025 137
00:00:50 206.162.169.123 192.81.95.10 1026 137
00:00:53 206.162.169.123 192.81.95.10 1025 137
00:00:53 206.162.169.123 192.81.95.10 1026 137
00:00:55 206.162.169.123 192.81.95.10 1025 137
The ISA box acts as my RRAS for PPTP users as well, but I only have remote
users connected an average of 1-4 hours per day and I've checked the RRAS
config for legacy 192.81.95.0/24 instances and could find none there
either. I'm not experiencing any network slowness or problems but I'd
like to know what the heck is going on.
Thanks in advance for any help provided.
Jon.
john.hall@xxxxxxxxxx
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
