http://www.ISAserver.org ------------------------------------------------------- Looking at the routing table, you also added persistent routes. So now you have routes for 10.1, 10.2, 10.3, 10.4, 10.10 and 10.11. In ISA you need to tell it which networks these are part of. Go to General-Configuration-Networks and add them to Internal. Or create new Networks as needed. If you create new Networks you'll need to pay attention to the routing and then add those networks to the rules that have the access you want to grant that subnet. thanks, Amy Babinchak Harbor Computer Services |(248) 850-8616 Tech Blog http://securesmb.harborcomputerservices.net Client Blog http://smalltechnotes.blogspot.com Website http://www.harborcomputerservices.net Buy My House http://tinyurl.com/5gb5n8 -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rascher William Sent: Thursday, July 10, 2008 3:48 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Subnetted & now ISA problems http://www.ISAserver.org ------------------------------------------------------- Amy, I went to Configuration/Networks/Address ranges and added the subnets within ISA. We separated each campus, administration, & management into a subnet/VLAN. William Interface List 0x1 ........................... MS TCP Loopback interface 0x10003 ...00 60 08 ae ce 00 ...... 3Com 3C905TX-based Ethernet Adapter (Generic) 0x10004 ...00 a0 c9 cf ba b2 ...... Intel(R) PRO/100B PCI Adapter (TX) #2 ======================================================================== === Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.114.0.1 10.114.0.2 20 10.1.0.0 255.255.0.0 10.10.1.2 10.10.1.1 1 10.2.0.0 255.255.0.0 10.10.1.2 10.10.1.1 1 10.3.0.0 255.255.0.0 10.10.1.2 10.10.1.1 1 10.4.0.0 255.255.0.0 10.10.1.2 10.10.1.1 1 10.10.0.0 255.255.0.0 10.10.1.1 10.10.1.1 20 10.10.1.1 255.255.255.255 127.0.0.1 127.0.0.1 20 10.10.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20 10.11.0.0 255.255.0.0 10.10.1.2 10.10.1.1 1 10.114.0.0 255.255.0.0 10.114.0.2 10.114.0.2 20 10.114.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20 10.114.0.5 255.255.255.255 127.0.0.1 127.0.0.1 20 10.255.255.255 255.255.255.255 10.10.1.1 10.10.1.1 20 10.255.255.255 255.255.255.255 10.114.0.2 10.114.0.2 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 224.0.0.0 240.0.0.0 10.10.1.1 10.10.1.1 20 224.0.0.0 240.0.0.0 10.114.0.2 10.114.0.2 20 255.255.255.255 255.255.255.255 10.10.1.1 10.10.1.1 1 255.255.255.255 255.255.255.255 10.114.0.2 10.114.0.2 1 Default Gateway: 10.114.0.1 ======================================================================== === Persistent Routes: Network Address Netmask Gateway Address Metric 10.1.0.0 255.255.0.0 10.10.1.2 1 10.2.0.0 255.255.0.0 10.10.1.2 1 10.3.0.0 255.255.0.0 10.10.1.2 1 10.4.0.0 255.255.0.0 10.10.1.2 1 10.11.0.0 255.255.0.0 10.10.1.2 1 -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Thursday, July 10, 2008 14:34 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Subnetted & now ISA problems http://www.ISAserver.org ------------------------------------------------------- William, How did you configure the ISA server to recognize the new subnets? (as an aside...wow, that's a lot of subnets for a small network) Let's see the routing table and what your Internal network definition is. thanks, Amy Babinchak Harbor Computer Services |(248) 850-8616 Tech Blog http://securesmb.harborcomputerservices.net Client Blog http://smalltechnotes.blogspot.com Website http://www.harborcomputerservices.net Buy My House http://tinyurl.com/5gb5n8 -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rascher William Sent: Thursday, July 10, 2008 3:21 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Subnetted & now ISA problems http://www.ISAserver.org ------------------------------------------------------- We have just finished dividing our network into 6 subnets and subnets other than the one ISA 2006/Server 2003 are on have long delays before a web page is displayed. Most of the images don't load. Would someone point me in the right direction for a solution? William Firewall log shows; Denied, 0xc0040017, -, HTTP Proxy, A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer. Denied, 0xc0040014, -, Unidentified IP Traffic A packet was dropped because ISA Server determined that the source IP address is spoofed. Web log shows; 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:13, -, -, -, stj.msn.com, 10.10.1.1, 80, -, -, -, http, TCP, GET, http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External Access rule, Req ID: 073473c7 , -, -, 0x2, Failed, -, - 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, www.msn.com, 207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -, 200, -, External Access rule, Req ID: 073473c5 , -, -, 0x400, Allowed, -, - 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, stj.msn.com, 10.10.1.1, 80, -, -, -, http, TCP, GET, http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External Access rule, Req ID: 073473c8 , -, -, 0x882, Failed, -, - 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com, 10.10.1.1, 80, -, -, -, http, TCP, GET, http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External Access rule, Req ID: 073473d9 , -, -, 0x802, Failed, -, - 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, www.msn.com, 207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -, 200, -, External Access rule, Req ID: 073473d7 , -, -, 0xd00, Allowed, -, - 10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com, 10.10.1.1, 80, -, -, -, http, TCP, GET, http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External Access rule, Req ID: 073473da , -, -, 0x882, Failed, -, - ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx