Is there a DHCP server in your network that could still be handing that range to the RRAS service? Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: <john.hall@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, August 09, 2001 5:22 AM Subject: [isalist] NetBios Traffic blocked at external interface http://www.ISAserver.org I spent last weekend renumbering my internal lan to a larger subnet for expansion. I went from a 192.85.91.0/24 subnet to a 172.16.8.0/21. I have an ISA box running firewalling and proxy services plugged into a small Cisco router. I reconfigured the LAT and all of my ip rules and filters on ISA as well. I also have netbios, DDNS and lmhosts lookup disabled on the north interface. Below is an example of what I'm seeing from my daily ip logs. Even though every remnant of the prior 192.81.95.0/24 subnet is gone from my internal lan and every instance of config on the ISA server, I'm seeing this great amount of netbios traffic blocked at the north interface. The 192.81.95.10 address is the former address of the PDC. I have gone thru the ISA's registry looking for any legacy instances pointing to 192.81.95.0/24 and have found nothing. This is all UDP traffic: time source destination 00:00:01 206.162.169.123 192.81.95.10 1025 137 00:00:01 206.162.169.123 192.81.95.12 1026 137 00:00:02 206.162.169.123 192.81.95.10 1025 137 00:00:03 206.162.169.123 192.81.95.12 1026 137 00:00:19 206.162.169.123 192.81.95.199 1025 137 00:00:19 206.162.169.123 192.81.95.199 1026 137 00:00:21 206.162.169.123 192.81.95.199 1025 137 00:00:21 206.162.169.123 192.81.95.199 1026 137 00:00:34 206.162.169.123 192.81.95.10 1025 137 00:00:34 206.162.169.123 192.81.95.10 1026 137 00:00:36 206.162.169.123 192.81.95.10 1025 137 00:00:36 206.162.169.123 192.81.95.10 1026 137 00:00:46 206.162.169.123 192.81.95.199 1025 137 00:00:46 206.162.169.123 192.81.95.199 1026 137 00:00:48 206.162.169.123 192.81.95.10 1025 137 00:00:48 206.162.169.123 192.81.95.10 1026 137 00:00:50 206.162.169.123 192.81.95.10 1025 137 00:00:50 206.162.169.123 192.81.95.10 1026 137 00:00:53 206.162.169.123 192.81.95.10 1025 137 00:00:53 206.162.169.123 192.81.95.10 1026 137 00:00:55 206.162.169.123 192.81.95.10 1025 137 The ISA box acts as my RRAS for PPTP users as well, but I only have remote users connected an average of 1-4 hours per day and I've checked the RRAS config for legacy 192.81.95.0/24 instances and could find none there either. I'm not experiencing any network slowness or problems but I'd like to know what the heck is going on. Thanks in advance for any help provided. Jon. john.hall@xxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')