[isalist] Re: Subnetted & now ISA problems

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2008 16:15:14 -0400

http://www.ISAserver.org
-------------------------------------------------------

Looking at the routing table, you also added persistent routes. So now
you have routes for 10.1, 10.2, 10.3, 10.4, 10.10 and 10.11. 

In ISA you need to tell it which networks these are part of. Go to
General-Configuration-Networks and add them to Internal. Or create new
Networks as needed. If you create new Networks you'll need to pay
attention to the routing and then add those networks to the rules that
have the access you want to grant that subnet. 

thanks,

Amy Babinchak


Harbor Computer Services |(248) 850-8616

Tech Blog http://securesmb.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Website http://www.harborcomputerservices.net

Buy My House http://tinyurl.com/5gb5n8


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rascher William
Sent: Thursday, July 10, 2008 3:48 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Subnetted & now ISA problems

http://www.ISAserver.org
-------------------------------------------------------
  
Amy,

I went to Configuration/Networks/Address ranges and added the subnets
within ISA. We separated each campus, administration, & management into
a subnet/VLAN.

William

Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 60 08 ae ce 00 ...... 3Com 3C905TX-based Ethernet Adapter
(Generic)
0x10004 ...00 a0 c9 cf ba b2 ...... Intel(R) PRO/100B PCI Adapter (TX)
#2
========================================================================
===
Active Routes:
Network Destination        Netmask          Gateway       Interface
Metric
          0.0.0.0          0.0.0.0       10.114.0.1       10.114.0.2
20
         10.1.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.2.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.3.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.4.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
        10.10.0.0      255.255.0.0        10.10.1.1        10.10.1.1
20
        10.10.1.1  255.255.255.255        127.0.0.1        127.0.0.1
20
        10.10.1.3  255.255.255.255        127.0.0.1        127.0.0.1
20
        10.11.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
       10.114.0.0      255.255.0.0       10.114.0.2       10.114.0.2
20
       10.114.0.2  255.255.255.255        127.0.0.1        127.0.0.1
20
       10.114.0.5  255.255.255.255        127.0.0.1        127.0.0.1
20
   10.255.255.255  255.255.255.255        10.10.1.1        10.10.1.1
20
   10.255.255.255  255.255.255.255       10.114.0.2       10.114.0.2
20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
1
        224.0.0.0        240.0.0.0        10.10.1.1        10.10.1.1
20
        224.0.0.0        240.0.0.0       10.114.0.2       10.114.0.2
20
  255.255.255.255  255.255.255.255        10.10.1.1        10.10.1.1
1
  255.255.255.255  255.255.255.255       10.114.0.2       10.114.0.2
1
Default Gateway:        10.114.0.1
========================================================================
===
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.1.0.0      255.255.0.0        10.10.1.2       1
         10.2.0.0      255.255.0.0        10.10.1.2       1
         10.3.0.0      255.255.0.0        10.10.1.2       1
         10.4.0.0      255.255.0.0        10.10.1.2       1
        10.11.0.0      255.255.0.0        10.10.1.2       1

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Thursday, July 10, 2008 14:34
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Subnetted & now ISA problems

http://www.ISAserver.org
-------------------------------------------------------
  
William,

How did you configure the ISA server to recognize the new subnets? (as
an aside...wow, that's a lot of subnets for a small network)

Let's see the routing table and what your Internal network definition
is.

thanks,

Amy Babinchak


Harbor Computer Services |(248) 850-8616

Tech Blog http://securesmb.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Website http://www.harborcomputerservices.net

Buy My House http://tinyurl.com/5gb5n8

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rascher William
Sent: Thursday, July 10, 2008 3:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Subnetted & now ISA problems

http://www.ISAserver.org
-------------------------------------------------------
  
We have just finished dividing our network into 6 subnets and subnets
other than the one ISA 2006/Server 2003 are on have long delays before a
web page is displayed.  Most of the images don't load.  Would someone
point me in the right direction for a solution?  

William

Firewall log shows;
Denied, 0xc0040017, -, HTTP Proxy,
A non-SYN packet was dropped because it was sent by a source that does
not have an established connection with the ISA Server computer.

Denied, 0xc0040014, -, Unidentified IP Traffic
A packet was dropped because ISA Server determined that the source IP
address is spoofed.

Web log shows;
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:13, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External
Access rule, Req ID: 073473c7 , -, -, 0x2, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, www.msn.com,
207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -,
200, -, External Access rule, Req ID: 073473c5 , -, -, 0x400, Allowed,
-, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External
Access rule, Req ID: 073473c8 , -, -, 0x882, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External
Access rule, Req ID: 073473d9 , -, -, 0x802, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, www.msn.com,
207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -,
200, -, External Access rule, Req ID: 073473d7 , -, -, 0xd00, Allowed,
-, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External
Access rule, Req ID: 073473da , -, -, 0x882, Failed, -, -

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2008